The Guardian website published this article from the Observer, which talks about unlicensed gambling websites and that this is a bit of a problem. It talks about people losing significant amounts of money on these sites, although it’s difficult to see how an unlicensed site is going to make you gamble more than a licenced site, since gambling is based on hooking the punter and then reeling them in, and that’s going to be the same regardless of whether the site is licensed.
It then goes on to attempt to justify the headline linking Mastercard and Visa with illegal gambling sites. The reality is that the Card Schemes are not linked directly to these illegal gambling sites, and the article does make this point, but could they be doing more?
I know that the Card Schemes are not directly responsible, and I am aware that they flash a lot of cash to prevent their global networks from being abused. I also know that if you read it in the papers or see it the BBC, it must be true, and you can convince people of pretty much anything.
Payment systems are complex systems, but they are designed to look easy; payment systems should be invisible, or at least unobtrusive. What they should not be is a hindrance, so usually, the only time people will notice a payment system is when it isn’t working.
People don’t know how payment systems work, and why should they? The readers can’t tell if the paper is reporting this stuff accurately, and usually, neither can the reporters.
That being said, the nature of global payment chains is such that they can only work if they are essentially self-policing, and this must be the case as there is no global body to oversee the processes – and there shouldn’t be. Merchants are routinely checked out by PSPs and Acquirers, who are reciprocally checked out by Merchants. Issuers assess Cardholders, and equally, Cardholders would be quick to report any Issuer shenanigans. The checks and balances exist within the links of the chain, but they need to be acted upon when identified.
At the midpoint of the transaction chain sit the Card Schemes, and there is no way that they can be expected to check the validity of the MCC on every transaction, it would be unreasonable to think that they should, and it isn’t their role! Their function, surely, is to ensure the safe passage of all transaction requests as without this, there can be no trusted payment process infrastructure.
But Visa and Mastercard (and the rest) must bear some of the responsibility for high-risk transaction abuse, and I accept that whilst they can identify these transactions, they cannot determine their legitimacy. Transactions originating from Bad Actors can only be determined by the Merchant (Hmmm!) and the PSP/Acquirer, although it’s probably the case that they will have already been identified – by the Cardholders.
The practice of flipping MCCs to hide the true nature of a Merchant might start with the Merchant, but it takes place within the domain of the PSP/Acquirer, and we shouldn’t forget that these guys are making money from high-risk transactions. If they can hide the nature of their processes from the Card Schemes … Happy Days!
So, the Merchants are policed by the PSP/Acquirers, who are in turn policed by the Card Schemes, who will also be in receipt of reports of questionable practices from the Issuers on behalf of their Cardholders.
It’s not beyond the capabilities of the Card Schemes to hold the PSP/Acquirers to account. They have the power to come down hard on the PSP/Acquirers, if they were of a mind to do so. The report might be a bit harsh, and the reality is much more complex, but they haven’t completely missed the mark!
