The regulatory reform bill known as the Dodd-Frank Act has been signed by President Obama. 

The most important area of card acceptance impacted by the bill is theFederal Reserve oversight of interchange fees established by card issuing banks and MasterCard/Visa for the processing of debit card transactions. These fees must be "reasonable and proportional" to the transaction costs incurred by the payment card network.

We can all bet that card issuers are hard at work compiling and laying the groundwork for defense of these debit transaction costs.

One aspect of the bill allows issuers to incorporate fraud losses into interchange transaction costs, but only to the extent that:

any fraud-related adjustment of the issuer … takes into account any fraud-related reimbursements (including amounts from charge-backs) received from consumers, merchants, or payment card networks in relation to electronic debit transactions involving the issuer.

This means that chargebacks the banks can defend against, (return to the merchant), must be at least partially exempt from the issuer's transactions cost calculations.  A significant percentage of chargebacks, especially for non face-to-face internet and mail/phone order transactions, can be returned to the card processor/merchant In accordance with MasterCard/Visa rules.  As such, it will be interesting to see how issuers handle these chargeback costs in their work-up.

Additionally, the bill requires issuers to "take effective steps to reduce the occurrence of, and costs from, fraud in relation to electronic debit transactions….to the extent to which the occurrence of fraud depends on whether authorization in an electronic debit transaction is based on signature, PIN, or other means; and the available and economical means by which fraud on electronic debit transactions may be reduced;"

It is well known in the industry that MasterCard/Visa and card issuers have promoted signature-based debit over pin-based transactions.  This is at least partially due to the significantly higher interchange rates for signature-based transactions.  But fraud rates are higher for these signature-based debit transactions.  Again, it will be Interesting to see how the Financial Regulations Board views the issuer’s promotion of the higher fraud signature-based  debit product In light of the Interchange cost justification.   

But the most interesting part of the legislation dealing with debit transaction costs might be the requirement for the inclusion of data security costs in the issuer's interchange calculations.  The Board has stated they will consider these data security costs as a component of fraud related costs.  But card processors/acquirers might argue that these data security costs are primarily borne by the acquiring side of the business.  The Visa Cardholder Information Security Program site states as follows:

“PCI DSS compliance is required of all entities that store, process, or transmit Visa cardholder data, including financial institutions, merchants and service providers. The PCI DSS applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e-commerce. … If a member, merchant or service provider does not comply with the security requirements or fails to rectify a security issue, Visa may fine the responsible member.”

These costs would presumably include significant outlays for all card service providers to engage PCI approved security firms to validate PCI compliance, and for all merchants to achieve PCI compliance.    

Assuming that the bulk of data security costs are borne by the acquiring side, will the Board require that interchange rates be reduced by these costs?  If so, acquirers will in effect be subsidized for data security compliance costs, an argument that card processors and merchants have been making for several years. 

Stay tuned….