There are two types of merchant accounts which allow for business to accept credit card payments in e-commerce: Direct and Third-Party. Both systems allow for a wide range of choices for what they accept, their methods of processing, schedule of fees, etc.
A Direct Merchant Account (DMA), also named Merchant ID (MID), refers to a bank account that an online merchant is required to open in order to allow for credit and debit transactions to take place. An Acquiring Bank will open such an account for the merchant through a Payment Processing Provider (PSP) who will open the account on behalf of the merchant (in the merchant’s name) and will manage the account for him so that payments are transferred and processed through the correct channels.
The PSP is hired to make the payment process easy for the merchant, thus all administrative details with the bank are taken care of by the PSP. The PSP also often offers a turn-key solution for the customer including the payment gateway for fraud prevention and other processes.
If the merchant is PCI DSS certified (an industry standard for all companies that store, process or transmit information, to ensure secure systems for these processes), it is an option for the payment page to be hosted on his own website because the certification allows him to hold the payment data on his system. If the merchant is not certified, the payment page should be hosted on the side of the PSP who must be PCI DSS. In this way the merchant is being compliant with PCI regulations. The merchant may prefer not to host his own payment page for convenience sake, in which case the PSP takes on the role and manages the initial payment made by end-users and the customer’s details.
(PCI DSS and different types of technical integrations will be discussed in greater details in a future publication)
2020 Global Market Outlook: How the “Known Unknowns” Can Affect CurrenciesGo to article >>
Because the account belongs to the merchant in the case of a direct merchant account, he is held accountable for his own transactions and will be held responsible, by the acquiring bank for all chargebacks that occur on the account.
The alternative to a Direct MID is a Third-Party Account or aggregation account which is when, instead of having a direct merchant account in his own name, the processor opens a sub-account for the merchant into an existing special type of account established under the processor’s name, hence the name: Third-party account. Using this aggregation model, a processor may open many different merchants under a single account. Unlike a DMA, the account belongs to the PSP through which the merchant’s transactions are processed.
The PSP, once again, must be PCI DSS certified and the payment page of the merchant will be hosted on the PSP side. Should the merchant be PCI certified, some processor could consider granting them with the ability to host his own payment page, however this is rare and usually not very compliant with the bank’s guidelines since the merchant of records is the Processor in this case and therefore its name should appear on the payment page, and the only way to ensure it does is to host it on the processor side. Also note that in the Third Party model, since the merchant of records is the processor, the lingo changes a little and the merchants become vendors. On such payment page you will usually find a statement stating that the processor is an authorized “reseller” of the “vendor” products.
In the case of a third party account, the merchant is still held responsible for his chargebacks but this time by the processor and not by the Acquiring bank.
We will explore the pros and cons of these two accounts in another publication, in which the focus will be: which account is better for you and your business.