U.S. Acquirer’s Underwriting Rules Update

Navigator Edition: March 2016
By: Raymond Carter

On its second quarter 2014 earnings call, CEO Charlie Scharf announced that Visa “will be eliminating close to half of our operating rules.” Since that time, there have been several changes that may impact how acquirers underwrite merchants. Not long ago, the Visa rules stated, “An Acquirer must conduct a physical inspection of the business premises of a prospective Merchant.” The footnote “whenever feasible” was later added and this requirement continued until recently. As of October 2015 Visa no longer specifically requires a physical inspection of a business. The market has evolved with acquirers automating much of the underwriting and onboarding processing, and for many, the physical inspection has been replaced by a verification of the business location using various sources such as third party databases and electronic maps. The technology advances in this area outpaced the modifications to the rules until recently.

Similarly, just a few years ago Visa required that “an Acquirer must determine that the prospective Merchant is financially responsible…” Further, “The Acquirer must also determine that there is no significant derogatory background information about any of the Merchant’s principals. The Acquirer may obtain this information through:

  • Credit reports;
  • Personal and business financial statements;
  • Income tax returns; and
  • Other information lawfully available to the Acquirer.”

Figure 1: Risk-Based Underwriting Due Diligence

Figure-1_-Risk-Based-Underwriting-Due-DiligenceSource: First Annapolis Consulting research and analysis.

Both the site inspection and credit assessment requirements have been replaced by: “Before contracting with a prospective Merchant or Sponsored Merchant, an Acquirer or a Payment Facilitator must conduct an adequate due diligence review to ensure compliance with the Acquirer’s obligation to submit only legal Transactions into VisaNet.” This change is significant to the underwriting departments of acquirers and ISOs.

MasterCard’s 2015 Security Rules and Procedures recommend a site inspection as a best practice, but do not require a site inspection. The MasterCard Rules do require a validity check on the business address and other information provided by the merchant. Further, MasterCard does require a credit check on all merchants with more than $100,000 in projected or actual MasterCard/Maestro POS transaction volume, with additional steps if the credit check provides insufficient information or raises questions.

For more information, please contact Raymond Carter, Principal,, specializing in Merchant Acquiring.

To read the rest of this article, please subscribe to

The Navigator Newsletter