E-commerce market is regulated rather heavily by Visa and MasterCard international payment systems. Companies not certified for compliance with PCI DSS may not be engaged in this business.
Servers and infrastructure of CNP Processing GmbH are scanned by an external QSA quarterly.
All risks on the part of acquirers occur when there are chargebacks for merchants..
In case of chargebacks connected with fraud, all risks lie on the issuer (because CNP is certified for compliance with 3-D Secure). Acquirer’s potential risks may arise only in case of
Chargeback, non-transactional fraud - resulting from improper quality of merchant’s work (failure to deliver goods or services), its bankruptcy or fraudulent activities.
Bank bears only potential risks of acquirer (issuer’s risks are out of the scope of this project).
According to agreement between bank and online store all risks of acquiring bank lie on the merchant.
Merchant shifts them to cardholder because transactions secured by 3-D Secure are conducted with use of personal password known only to cardholder and issuing bank.
CNP Processing GmbH will work only with particular number of the biggest and the most reliable merchants in the country. Bank approves of each merchant through conclusion of standard acquiring agreement. Merchants’ accounts are kept with the bank and all transactions with merchants are conducted through the bank.