How To Keep Crooks Out Of Payment Processing
By Mike Monocello, editor-in-chief, Business Solutions magazine
Last week I fielded a call from a reader, Steve Norell, of US Merchant Services, who was responding to my past articles regarding the "dirty" nature of the payment processing industry. Up to that point, the best ideas I had heard regarding ways to clean things up came from the ETA and RSPA. Both point to ongoing education and certification of members.
Norell -- who sells POS and merchant processing -- started the call by telling me that neither organization was on the right path to solving the problem. His answer? Legislation. He pointed me to an article that told of a state law requiring people to pay a fee and get licensed to trim trees. He followed that up by telling me that in his office, he currently has 10,000 files containing customer names, social security numbers, dates of birth, bank information, and so on. All, without ever being required to submit to a criminal background check, get certified, or in any way participate in anything close to a vetting process.
Essentially, it's more difficult to get into the tree trimming business than to sell merchant processing and gain access to people's most private information. Information that can ruin people's lives. Norell's belief is that laws forcing an application, background check, and certification/licensing are what will clean things up.
Admittedly, since I'm on the outside of the payment's industry looking in, I'm not sure if laws requiring licensing (including a fee that would dissuade fly-by-night people from jumping in) are possible, the right thing, and/or would truly solve the problem. I certainly think such laws would help, but I'm sure there are others who aren't fans of Uncle Sam getting involved.
No matter how you feel about government involvement, it doesn't change the fact that right now there's seemingly nothing in place to keep the riffraff out of the processing business. The ETA and RSPA have their certification programs, but neither require them and (correct me if I'm wrong) neither include criminal background checks.
So, what do you think about this? Do you have any better ideas?