Initial Risk Assessment

This is a general outline of Integrity Bankcard Consultants, Inc.'s Initial Risk Assessment. This outline concentrates on minimizing risk for the ISO and compliance with VISA/MasterCard rules and regulations and FDIC/OCC and FTC review guidelines. During this Assessment other risks in the acquiring program may be observed and recommendations will be included in the Final Client Report.

Underwriting

Review merchant processing agreements and ISO agreements to:
  • Minimize the risk to the ISO.
  • Maximize the tools that the ISO has available to reduce losses.
  • Determine that all required VISA/MasterCard language is included in the merchant application and that it is in compliance with all FTC guidelines.
Review underwriting processes for:
  • Adequacy to minimize risk to the ISO.
  • Adequacy to cover minimum requirements of VISA/MasterCard and FDIC/OCC.
  • Adequacy of written underwriting policies and procedures manuals.
  • Determine if underwriting processes are being followed and files indicate such. [1]
  • The "Best Practice" use of all available tools to analyze merchant application review.
Risk of Current Portfolio

Review merchant base for:
  • Merchants that the ISO should not be processing for.
  • Merchants that the ISO should be getting additional security from.
  • Merchant use of all available tools to minimize chargeback risk.
Review risk monitoring practices for:
  • Adequacy to minimize risk to the ISO.
  • Adequacy to cover minimum requirements of VISA/MasterCard and FDIC/OCC.
  • Adequacy of written underwriting policies and procedures manuals.
  • The "Best Practice" use of all available monitoring tools.
  • Proper termination of merchants according to VISA/MasterCard requirements.
  • Proper termination practices to reduce risk to the ISO.
  • Coordination between chargeback group and risk monitoring group.
ISO Service/Provider Risk Standards and Background Investigations

Review the ISO's procedures to ensure that ISO is in compliance with all VISA Enhanced ISO/Service Provider Risk Standards:
  • Complying with the minimum standards and registration procedures that members must follow in regard to ISO's.
  • Use of the VISA required financial reviews, on-site ISO reviews and background investigations of ISO's, its principals and employees as required.
  • Adequacy of the security controls the ISO has in place including the auditing process, management and exception reporting and cardholder information security practices.
  • Existence of all applicable Account Information Security Standards as set forth by VISA/MasterCard.
[1] The FDIC in recent audits has put a heavy emphasis on looking at various merchant files for inclusion of all of the materials required to make the underwriting decision as detailed in the Underwriting manual.

Copyright 2010 - Integrity Bankcard Consultants, Inc.
Privacy Statement