Regulations for digital commerce abound and mistakes can be costly. For example, GDPR violations can range from €20 million, or $21.7 million, to 4 percent of the firm’s annual global revenue from the previous fiscal year (whichever is greater). To safeguard your business, you need to achieve payments compliance.
Right now, achieving payments compliance is a daunting task. A number of big-name regulations have been enacted in recent months, from GDPR to CCPA and PSD2 to the Wayfair Act.
Payments compliance is pretty complicated. But it’s not impossible, and it’s absolutely necessary for the health of your business. That’s why we’ve put together this quick guide to help your business comply with all necessary regulations and accept customer payments worry-free.
The 6 Compliance Categories You Need to Know
Despite this complexity, there is good news. The wide array of digital commerce compliance rules fit into a consistent set of categories, so they’re easier to comprehend than you might expect. Consider these 6:
- Payment network policies (e.g. Visa’s rules around free trials; NACHA, the National Automated Clearing House Association, likewise has its own set of policies)
- Data privacy (such as CCPA in California)
- Consumer security (like PSD2)
- Payment Card Industry Data Security Standard, aka PCI DSS (which governs how credit card data is handled and protected)
- Tax collection (for instance, the Wayfair Act)
- IT security (ensuring your business is protected against hackers, with measures such as data center redundancy and other security investments)
Broadly speaking, all regulations can be sorted into these buckets — and all of these buckets are filling rapidly. A major payment trend to watch in 2020 is the steady rise in the number and type of payments regulations, and that trend shows no sign of stopping. There are many components that businesses must keep in mind; for example, it is not just card networks that have their own policies, but also payment networks. Every payment type has its own set of policies and the right payments provider can help you stay abreast. Additionally, on the consumer security front, CCPA has sparked discussion of similar regulations in nearby states. Similarly, with PSD2 implementation underway in the EU, other regions are sure to follow.
An Action Plan for Payments Compliance
Monitor everything (or work with a partner that does).
This all means that payments compliance is becoming more difficult to achieve. Above all, if you’re working toward compliance, you need to closely monitor all regulations that impact payments, particularly as regulations are added or updated.
You also need to dissect (preferably with legal counsel at hand) which regulations apply when. The Wayfair Act, for example, imposes sales tax on online purchases, but each county, town and state can make independent decisions and impose distinct rules for that sales tax, including which products are eligible to be taxed. The application of those rules can depend both on where your business is based and where the product is sold, but there’s no one clear rule.
In other words, it gets complicated quickly.
To achieve payments compliance on your own, you’ll need to dedicate significant energy just to identifying current regulations and their impact. To avoid a compliance headache, a smarter alternative is to work with a payments provider that’s monitoring all of these changes and easing difficulties for you and your business.
Update your tech infrastructure accordingly.
Much of the core work needed to achieve payments compliance comes in the form of tech updates and website functionality. Data privacy, for instance, requires updates like the ability for visitors to opt out of cookies. Card scheme policies have called for changes like adding an additional checkbox customers can select to allow your site to store their credit card info.
To understand what changes need to be made, you’ll need to dig into the requirements and implications of each regulation. You then need to execute the necessary changes with a developer team and implement any internal process changes (such as how you store customer data). Again, this task is daunting, and far easier with a payments solution that offers built-in tools and resources to guide you to compliance a better way.
A Partnership that Pays Off
Compliance is complicated, and there’s no simple way around it — after all, you don’t want your plumbing to spring a leak. To achieve payments compliance, you need to put in an enormous amount of work and tie up all the associated loose ends.
Or, you can work with a partner that knows a thing or two about payments compliance.
When you partner with a payments expert, you can focus on your business. You don’t have to know all the details or sink in your own time. Instead, you can work with a partner that is dedicated to compliance and rest assured that everything is done right, with no chance of leaks (or lawsuits).
BlueSnap: a single solution for achieving payments compliance.
At BlueSnap, we’re dedicated to a simple compliance goal: we’ll handle everything, so that you can focus on your business and sell your goods without worry. That’s why our All-in-One Payment Platform is fully compliant with all privacy, security and card scheme rules.
We’re also compliant with the Payment Card Industry Data Security Standard (PCI DSS) at Level 1, which is the highest level of PCI compliance. Whenever a shopper’s cardholder payment data is transmitted, processed, or managed through the BlueSnap platform, BlueSnap takes responsibility for the proper security of the data entrusted to us in accordance with PCI DSS requirements. Merchants that use BlueSnap’s All-in-One Payment Platform benefit from having the main burden of PCI compliance covered by BlueSnap. This standard includes encryption of data in transit and at rest, periodic penetration tests and ethical hacks, and deployment of security defenses and infrastructure (such as intrusion prevention systems, data leak protection software, and endpoint security protection). Nevertheless, because merchants have access to transaction invoices, they must carefully manage the administration of that data in line with relevant privacy legislation and card association rules.
Additionally, we have plugins like Avalara that can help ensure you are compliant with local tax requirements, and we’re constantly working to build out more robust solutions. When you connect with our gateway, you know all your transactions will comply with all payment regulations.
We also take this compliance partnership to the next level by working to ensure that our customers have all the information and support they need. In other words, we don’t just stop at payments compliance. We work to advise you on any regulations your business needs to follow, such as GDPR’s implications for your contact database. Our team monitors and tracks all regulation changes and consistently informs our customers about any major implications, as well as the next steps to take.
In other words, there’s a simple solution to payments compliance: find the right payments partner.