Card Issuing & Bank Accounts

• Payment schemes
• Ranking of card issuing companies
• Card issuing - financial details
• Example of Profit & Loss calculation in card issuing
• Regulatory and license impact on card issuing
• KYC and KYB requirements in card issuing
• PCI DSS & other security requirements
• Master balance and collateral in card issuing projects
• Pay with Rewards, Pay with Points
• Multicurrency cards - 3 implementation options
• Customer service and user claims in card issuing
• How to prepare for a card issuing project?
• How can I reload payment account or card?
• Card Lifecycle Management
• VISA or Mastercard?
• Card Benefits in card issuing projects
• Prepaid, debit or credit cards - the main differences
• Tips to avoid problems when implementing card issuing
• Know Your Customer – in-house or outsourcing
• Reverse solicitation – marketing & promotion of card issuing in multiple countries
• Interchange Fees and Service Fees - rates and rules
• BIN Range or Separate BIN in Card Issuing
• Guide to IBAN setup process
• IBANs, cards, balances - how to manage all of this?

Payment schemes

In this document we describe how payment schemes (Mastercard and VISA) work.

Payment card business is a large global market, which was developed in the USA in the first half of XX century and has grown globally. In this document we will describe the main business principles and in the next chapters we will go into more details. We will focus mainly on Mastercard and VISA operations, as these are the largest payment schemes in the world and the main partners we work with. 

Four Party Model

Let's start with the general relationships between the parties. In the Mastercard and VISA 4-party model (which is actually 5-party model) there are the following players:

1. Cardholder - has a contract with Card Issuer, which is usually a bank, financial institution, payment institution, credit union, etc. Cardholder keeps a card in a plastic or virtual form that he/she gets from Issuer. Cardholder makes a purchase transaction at Merchant or sometimes withdraws money from an ATM. In the case of an ATM transaction, the ATM operator (usually a bank) acts as Merchant in a standard purchase transaction.

• Cardholder is happy because he/she does not need to carry cash all the time and has money all the time in their pocket or phone.
• Cardholder has to pay card fees to Issuer for getting a payment card.

2. Merchant - delivers goods to Cardholder, but does not receive cash immediately, but accepts the card transaction, which gives him/her almost 100% confidence that he/she will receive money in a few hours or days.

• Merchant is happy because he/she sold goods, usually having sold more than Cardholder could afford with cash. Imagine the situation where you have to pay cash all the time. Would you always carry enough cash with you? What if you want to buy something, but you do not have enough cash? 
• Merchant has to pay the so called "Merchant Fees" to Acquirer for processing the transaction. Usually, Merchant Fees are between 0,5-3% depending on transaction value, country, merchant segment, type of card etc. Merchant fees cover most, if not all, of the transaction processing costs. They usually include all the fees charged by Acquirer, Issuer, Mastercard or VISA for the transaction.

3. Issuer - Issuer is usually a bank, credit union or any other payment institution that delivers payment cards to cardholders (consumers or businesses). Issuer signs contracts with cardholders. On the other side of business, Issuer has a franchising or licensing contract with VISA and Mastercard and connects to their network using Issuing Processors. Verestro and our partners (for example Quicko) plays the role of Issuer and Issuer Processor in our card issuing or BIN sponsorship projects. During the transaction process, Issuer usually gets authorization, clearing and settlement messages that result in transfer of money from a cardholder account to Acquirer so that Acquirer could settle the transaction with Merchant.

• Issuer is happy because they charge card fees to Cardholder (for example monthly per card) and get transaction fees called Interchange Fee from Acquirer. Interchange fee is a very important part of Merchant Fees. In the European Union for consumer cards it is usually in the value of 0,2-0,3%, but in many countries, especially for business and credit cards, it can amount to 1-2% of the transaction value.
• Issuer has to cover costs of card issuing, which include:
  • Cost of payment scheme (Mastercard or VISA) incl. monthly connection, license, authorization, clearing and many many other fees. This is usually the main part of Issuer's costs.
  • Cost of other processors incl. transaction authorisation, card maintenance, card tokenization, plastic card manufacturing, personalisation, delivery, etc.
  • Regulatory costs incl. payment license operations, Anti-Money Laundering processes, etc.
  • Various costs connected with maintaining a relationship with Cardholder incl. proper communications, SLAs, etc.

4. Acquirer - Acquirer is usually a bank or payment institution that signs contracts with merchants, settles payment transactions with merchants and has acquiring contracts with a payment scheme. Acquirer usually provides a payment terminal to merchant locations, and makes sure if it works and is ready for transactions.

• Acquirer is happy because they charge Merchant Fees that usually consist of transaction fees (0,5-3%), sometimes fixed fees per transaction (0,01-0,5 EUR) and monthly fees per terminal.
• Acquirer needs to cover various fees, including regulatory fees, payment scheme costs, cost of processors, terminal purchase and costs of operations.
  

5. Payment Scheme - Payment Scheme (i.e. Mastercard or VISA) are key for keeping the model running. They develop technical systems that issuers and acquirers are connected to, they process transactions, they develop the market. However, they are also the biggest beneficiaries of the market growth as every new transaction represents revenue for Mastercard and VISA.

Key Processes

There are several processes that take place during card and transaction processing, and here we will briefly describe the most important ones:

• Card issuing process - this process or set of processes consists of multiple actions that Card Issuer needs to perform to issue a payment card. They are the following:
  • regulatory compliance - every card issuer in the world needs to comply with law, get license from a national bank or financial regulator, work according to their recommendations and rules,
  • Mastercard integration and licensing - it consists of a formal process, providing necessary cash collaterals, doing technical integration, getting security certifications etc.,
  • card creation process - after signing a contract by a user, Card Issuer needs to create a new card number (using BIN of the issuer - BIN = first 6 or 8 digits of card). When a card number (PAN = Primary Account Number) is created, the card can immediately work as a virtual card or can be sent for personalisation if it is a plastic card. Usually, after the user receives the card (virtual or plastic), the user starts the card activation process, sets the card PIN and can start using it.
• Transaction process - this process consists of several operations that result in transfer of money from Cardholder account to Merchant. They are the following:
  • Authorization process is an action that ensures that Merchant can immediately get information if Cardholder has money on his/her card account and if this card is not stolen. The authorisation can happen online (a direct request to Issuer's system to check the balance and card status) or offline (in this case a chip on the card makes a decision if it can approve the transaction without asking Issuer's systems).
  • Clearing process is an action of payment scheme during which clearing files are delivered by acquirers to payment scheme and payment scheme calculates how much money each Acquirer should receive from each Issuer in the world.
  • Settlement process is a process of transferring money from issuers to acquirers and later to merchants so that finally Merchant receives the transaction amount, less Merchant Fees, on his/her bank account. Every Issuer and Acquirer has settlement bank accounts that are used for transferring money from or to. Payment Schemes operate those accounts using something like Direct Debit / Credit to transfer money between Settlement Accounts of various financial institutions.
  • 3DS - sometimes additional authentication mechanisms are used to ensure that the person initiating the card transaction is the actual cardholder.  In the case of eCommerce transactions this process is called 3DS. During an Internet transaction, the user's browser opens the bank's website, where the user can authenticate the transaction using one-time passwords or other forms of authentication developed by Issuer.  After the 3DS authentication is verified, Acquirer receives a special cryptogram that is included in the authorization message and validated later by Issuer during the authorization process.
  • Tokenization - tokenization is a process of exchanging a real card number into a token number (similar to a card number) to enable digital and contactless payments. Usually it is connected with transactions performed in cooperation with the so called X-Pays (i.e. Apple Pay, Google Pay, Fitbit Pay etc.). The process of tokenization requires an integration with Mastercard Digital Enablement System (MDES) or Visa Tokenization system (VTS) to enable tokenized payments.
  • Refund and reversal - special type of transactions that enable reversing payment transaction either immediately (reversal) or later (refund). Once this process has been initiated, Cardholder can receive money back after successful authorisation.
  • Chargeback - process of complaint management. It can be initiated by Issuer in case Cardholder informs Issuer that he/she did not do the transaction or did not authorize it, or goods were not delivered etc. The process is costly for Issuer and Acquirer but ensures security of the system for cardholders.
  • Card-to-card transactions and payouts - the so called "payment" or "credit transactions". In a standard purchase transaction money is transferred from Cardholder to Merchant. In a card-to-card transaction or payout transactions, the user gets money on his/her card or on the account linked to the card.
    

There are other important processes associated with payment systems and card transaction processing, but let's stop here and take a short break to understand these critical processes. 

Ranking of card issuing companies

How to choose a BIN sponsor and card issuing partner?

Choosing a BIN sponsor or card issuer is a difficult decision for many partners. Most of our partners do not come from the payment card business, so they learn by doing. In this chapter, we are going to describe the key decision factors of choosing a card issuer and make a simple ranking that we will be upgrading and updating in the coming months and years, as not all information is available to us immediately. On purpose, we will not compare other companies to us, it would not be fair to include Verestro - our goal is to educate in this article.

There are the following key decision factors in choosing a card issuing partner:

1. REVENUE SHARE - Cards issued for my users bring various revenue streams. Are they shared with me? 

• • Does the card issuer share 100% of interchange with me?
  • What is the currency conversion rate that the card issuer shares with me?
  • How can I impact and earn on ATM withdrawal fees?
  • How can I impact and earn on various consumer fees?
  • Can the partner help me with getting the Mastercard or VISA marketing and financial support in the short and long run?

2. COSTS - Obvious point.

• • What are fixed and variable fees?
  • What is the level of fees in case of low volumes and high volumes?
  • Is there any opportunity to minimize costs as the business grows? 
  • Read this article for more info on standard card issuing costs: Card issuing - financial details

3. FUNCTIONALITY & SERVICE - a very important point. Critical in the long run. 

1. • Does the partner have mandatory functionalities?
   • Does the partner offer currencies that I need for my users?
   • What are other products that can increase usability or profit that the partner offers?
     • Maybe a loyalty program?
     • Any insurance offers and additional benefits that could be sold to customers?
     • Perhaps invoice scanning and expense management? 
     • Maybe white label solutions?
     • Card reload mechanisms?
     • Payouts to cards?
     • etc.
   • Does the partner offer quick access to a developer zone or a test environment? 
   • Does the partner make their APIs public?

3. SECURITY AND FINANCIAL STABILITY - a critical point. Maybe it should be the first one.

• • Is the partner a small start-up, burning money or a payment institution generating profits? Can you imagine what would happen to your portfolio and users in case of bankruptcy or hostile takeover? 
    
  • Who are the shareholders of the partner? Are these venture funds or strategic, long term investors?
  • Does the card issuer make their financial statements public?
  • Does the partner offer support in solving PCI DSS issues (Payment Card Industry Data Security Standards)?
  • Is the partner audited annually? 
  • Does the partner work with banks and other large financial institutions or focus only on small, high-risk startups? 

Here's an initial comparison of the best known card issuers in the European Union (grades: low - high):

Name	Country	Revenue Share	Costs	Functionality & Service	Security & Financial Stability
Treezor.com	France	Medium	High	Medium	Medium
Swan.io	Denmark	Medium	High	Medium	Medium
Dipocket.org	Lithuania	High	Medium	Low	Low
Solarisgroup.com	Germany	Medium	High	Medium	Medium
Wallester.com	Estonia	Medium	Medium	High	Medium
Stripe	USA	Low	High	High	High
Weavr.io	Malta	Medium	Medium	Low	Medium
Verestro	Poland	Make your own assessment	Make your own assessment	Make your own assessment	Make your own assessment

Source: Financial Stability results based on 2022 or 2023 results available in Internet; all other data from publicly available sources. Please make your own assessment.

Card issuing - financial details

How can I earn from card issuing? This is a common question that is asked by our customers. Let me explain the key financial areas connected with this business. 

Indirect revenue or cost savings

Usually, the main reason for issuing cards in different segments is indirect revenue or cost savings. The first question that you should ask yourself is connected with your use case. What can a payment card bring to my customers or my business? The answer to this question is different for various business segments and is the most important factor in defining a financial model for such an operation:

• If you are a bank, payment cards are obviously a core payment product that lets you earn from various transactions, currency conversions, ATM withdrawals and other fees.
• If you are a fintech wallet, it is obviously an important functionality because you compete with banks. It can increase your revenue streams from the same areas as above.
• If you are a crypto wallet, you want to offer to your customers a way to use digital assets at brick-and-mortar shops and in eCommerce.
• If you are an insurance company, you may want to send insurance in the form of a virtual card with a particular transaction and geographic limit so that your customer could immediately get necessary help.
• If you are an investment wallet, where users store value in the form of shares or bonds, you can offer payment cards to them so that they could pay using their shares at standard shops.
• If you are an eCommerce merchant or marketplace, you may be interested in using payment cards as a way to send back money to your users after their claim so that they could use this card for an eCommerce payment.
• If you are a small, medium or large corporation, you may want to distribute cards to your employees so that you limit costs of invoice processing and company invoicing.
• If you are an HR agency, you can use cards as a tool to pay salaries to your employees
• If you are a loyalty program owner, you may be interested in enabling users to use your points and make purchases at any location in the world.
• etc.

There are many use cases and this is the main value for you. You can charge additional fees for this new service offered to your users, or you can limit your operating costs thanks to card issuing. However, there are direct revenue streams and costs associated with issuing cards and I will describe them below:

Direct revenues of card issuing

The following direct revenue is connected with card issuing and card transactions:

1. Interchange Fee - when your user pays online or offline at any merchant, there is a fee called Interchange Fee that the issuer of cards receives for this transaction. The value of this fee depends on the country, transaction type, card product type, etc. In general, it is between 0,2% (for consumer debit cards issued in Europe) to 1-2% (for various types of cards for transactions done on other continents). Make sure you check with your card issuer or BIN sponsor how they share this fee with you - it is the most important revenue stream.
2. Currency Conversion Fee - every card transaction done in another currency than currency of a card account results in currency conversion. This action usually enables charging fees. Typically, they are between 0,5% to 8% depending on card product, country, currency, etc.
3. User fee - card issuers, banks, financial institutions usually charge various user fees for using their payment card. Examples of such fees are: one-time fee for issuing a card, monthly fee per card, annual fee per card.
4. Transaction fees  - depending on a card product and a type of transaction, card issuers charge users additional transaction fees. A very standard fee is an ATM withdrawal fee - it is almost always valid because there are direct costs of an ATM withdrawal called ATM Service Fee and these costs need to be covered. Sometimes card issuers charge POS or eCOM transaction fees - for example 0,1% fee for every transaction done with a card.
5. Value added services - a card product enables you to charge additional services, i.e. insurances, VIP support, concierge etc. that increase your revenue streams.

Direct costs of card issuing

1. One-time fee for card issuing - usually 0,1-1 EUR. This fee is charged at the moment of card issuing. This fee covers costs of payment processors, various costs of operations connected with issuing the first card.
2. Monthly fee per card - usually you pay 0,1-1 EUR monthly per issued card. This covers both technical, regulatory and financial risk costs of card issuers.
3. Transaction fees:
   • per transaction (from 0,05-0,3 EUR) - depends on a type of transaction, region of transaction etc.
   • per transaction value (from 0,01%-0,5%) - depends on a transaction value.
4. ATM service fee - very specific fee which is part of a transaction fee in fact. For every ATM withdrawal, a card issuer needs to pay a fee which is transferred to an ATM operator. Usually, it is in the value of 0,5-3 EUR + 0-1% from the transaction value.
5. 3DS operations fee - transactions in eCommerce require additional authentication. Such an operation usually results in an additional fee charged by a card issuer (0-0,04 EUR per transaction).
6. Apple Pay fees - Apple charges additional fees for using Apple Wallet. Those fees are both per card quarterly and per transaction volume - different for POS transactions and inApp transactions. We are not allowed to disclose the level of these fees.
7. Plastic card related fees - production, personalization and transport of plastic cards is a serious operation that involves various costs. Typically, between 2-5 EUR per card depending on customer location, type of card, etc.

These fees are usually charged by card issuers and BIN sponsors to their partners. They have to charge them because there are various costs that we need to cover (this issue also applies to Verestro and our BIN sponsors). The main card issuing costs are:

1. Payment scheme fees - Mastercard, VISA or any other payment organization charge a lot of various fees for connecting with them and using their licenses and technology. This is one of the biggest components of costs for card issuers.
2. Payment processors - this is our (Verestro's) role. To issue cards, you usually need to hire external, certified payment processors. They charge a lot of fees for using their technology. Examples of such processors are :  Verestro :) , Paymentology, Fiserv, First Data, Marqueta etc.
3.  Card manufacturers and personalisation centers - if you issue or sell plastic cards, you need to produce and personalize these cards. Companies like Austriacard, Thales, Idemia charge fees for such operations.
4. Regulatory compliance costs - to become a card issuer in any country, you need to have a payment license, get certification, fulfill necessary roles that are not present in another business. This is a serious cost for card issuers.
5. Security costs - to work with payment cards and process them, you need to fulfill various security requirements. The most important ones are summarized in the Payment Card Industry Data Security Standards. They include not only internal actions but also annual and quarterly audits that you need to perform to be compliant and offer secure operations.

There are other possible revenue streams and costs connected with card issuing, but the ones described above are the most important ones.

Thank you for reading.  

Example of Profit & Loss calculation in card issuing

Calculating profits and losses in card issuing is not easy, especially when various card issuers offer different fee and revenue models. Below I would like to show a few examples. 

Let's imagine we are a fintech wallet with 10.000 users and we would like to issue cards for these users. The first step we need to take is to try to forecast key parameters of product, transaction, revenue and cost assumptions:

1. Product
   • Product - Debit Business Mastercard card
   • Settlement currency - EUR
2. Transactions
   • Average number of cards in a year - 10.000
   • Offline POS transactions in Europe: Number of transactions per month - 5 ; Average Transaction Value (ATV) - 30 EUR
   • Online eCom transactions in Europe: Number of transactions per month -  3 ; ATV - 40 EUR
   • ATM transactions in Europe: Number of transactions per month - 2 ; ATV - 100 EUR
   • Share of currency conversion transactions in Europe - 10% (transactions done in Polish zloty, Czech koruna, Romanian Lei, Swedish krona etc.
   • Offline POS transactions outside of Europe: Number of transactions per month - 1 ; Average Transaction Value (ATV) - 60 EUR
   • Online eCom transactions outside of Europe: Number of transactions per month -  1 ; ATV - 60 EUR
   • ATM transactions outside of Europe: Number of transactions per month - 0,1 ; ATV - 100 EUR
   • Share of currency conversion transactions outside of Europe - 100% (transactions done in Polish zloty, Czech koruna, Romanian lei, Swedish krona etc.
   • Share of registered ApplePay cards - 30%
   • Share of ApplePay transactions - 20% for online and 90% for offline contactless
3. Revenue
   • Interchange fee for business cards (fee from POS and eCommerce transactions; we assume 100% of interchange stays with partner)
     • in Europe - 1.2%
     • outside Europe - 1.5%
   • ATM withdrawal fee - 0.5%
   • POS and eCommerce transaction fee - 0%
   • Currency conversion fee - 2%
   • Monthly fee per card - 1 EUR
4. Costs
   • One-time fee for an issued card - 0,4 EUR
   • Average monthly fee per card - 0,3 EUR
   • Fee for offline POS transactions in Europe - 0,10 EUR + 0,1%
   • Fee for online eCom transactions in Europe - 0,10 EUR + 0,11%
   • Fee for ATM transactions in Europe - 0,9 EUR + 0,3%
     
   • Fee for offline POS transactions outside of Europe - 0,3 EUR + 0,45%
   • Fee for online eCom transactions outside of Europe - 0,3 EUR + 0,5%
   • Fee for ATM transactions outside of Europe - 0,3 EUR + 1.2%
   • Currency conversion fee - 0,5%
   • Apple Pay active card quarterly fee - 0,25 EUR

Let's do quick calculations.

Please treat it as example and make your own calculation. There will be many dependencies connected with segment, type of portfolio, detailed pricing, volume estimations etc.

Taking into account the above assumptions, you could earn 30.933 EUR monthly and 371.192 EUR annually on such a portfolio. Seems high? Interested what cost of investment is needed?  Contact us. 

Thanks for reading.

PS. If you are interested in receiving an Excel file related to these calculations, let us know at sales@verestro.com.

Regulatory and license impact on card issuing

Legal issues related to regulatory or payment scheme rules often arise in questions we receive from our partners and clients. In this article I would like to summarize key dependencies, limitations and rules that have a very important impact on payment accounts opening, card issuing and also acquiring or money transfer activities. 

When you are launching a payment institution, you have several areas to cover. One of the most important of them is a legal and rules area. Usually this impact can be divided into three main groups of activities: legal requirements, anti-money laundering requirements (which is a specific type of legal requirements) and payment scheme rules. Let me deep dive into each of them.

Legal requirements

To operate payment activities, almost in any country you need to get a payment license. There are various types of payment licenses depending on the country, so here I would like to summarize the most important details. In many cases you can hear about EMI (Electronic Money Institution license), Bank (Banking license), Credit Institution, Acquiring Institution etc. These requirements are usually connected with operational activities that the company needs to fulfill to perform payment operations for other entities. They consist of:

• Regulatory requirements in the areas of security, Know Your Customer, AML, liquidity operations, organizational structure etc.
• Audits performed by regulator
• Risk of penalties for both the company and sometimes persons involved in payment companies
• Outsourcing activities compliance
• Local laws that forbid processing customer or transaction data outside of the country
• etc.

It is important to understand details of such requirements and to follow changes of law and rules on a regular basis.

From the business point of view those requirements force us to :

• Officially register contracts with various partners at the regulator
• Get an approval for particular actions outsourced to partners
• Perform regular monitoring of payment activities done with cards issued for users of our partners
• Follow the national and EU sanction lists
• Being ready to block any transaction, account or card at any time

For our partners - just make sure that you follow the rules we inform you about. They are critical for our activity, licenses, so in fact they are securing your business. 

AML and KYC requirements

AML (Anti-Money Laundering) and KYC (Know Your Customers) are part of legal requirements but it is worth presenting them as a separate group because they usually have the biggest impact on operations. The main goal of these rules is to ensure that payment organizations are not used to launder money, support terrorist or illegal activities. They also allow governments to monitor a payment activity area which may be helpful in fighting crime activities. 

Key areas of impact of those requirements can be summarized as follows:

• Payment institution is obliged to perform KYC requirements as defined by the regulator - usually consisting of collected proofs of user identity verification (documents, videos, selfie, talks, and other measures)
• In case of business customers and business accounts, not only Board Members but also Beneficiaries of the companies need to go through a KYC and sanction list screening. Beneficiary is defined usually as a person with above 25% shares
• At any moment a payment institution must be ready to present these documents to the regulator
• Persons and entities placed on sanction lists cannot use services of a payment company
• Active monitoring of payment transactions for all users is required
• Sometimes proofs of income can be required

It is interesting that AML and KYC requirements do not block us from issuing cards or opening payment accounts for partners located outside the European Union with our payment companies licensed in the European Union. We are allowed to perform payment activities for Brazil, US, China citizens, as well as the Polish, German or French ones. 

Make sure that you collect user documents and provide them during the user registration to us to fulfill those requirements.

Payment Scheme requirements

Payment Schemes (Mastercard, VISA or others) have separate requirements that must be followed by their partners and licensees. These requirements are similar to the previous ones but not always the same. Key requirements that do have impact on business are:

• We are licensed for a particular country or region. In our case it is the European Union countries (in fact the European Economic Area, which is a slightly different area). It means that with our European licenses we can issue cards for people residing, having addresses or working in the European Union. In case we would like to issue cards for people or entities from outside the European Union we have to get special Mastercard approval which is not impossible but may be difficult to achieve.
• We must follow payment scheme requirements on sanction lists and scan users and beneficiaries against OFAC (US Office of Foreign Assets Control) and United Nations sanction lists.
• We must be ready to follow Mastercard technical and rules requirements that sometimes may have impact on technical setup and use cases of your users
• In case of mandates we need to be ready to implement on time necessary system updates to reach compliance with the Mastercard network

Problematic areas

Usually problems in a business discussion come in the following areas:

• Can we issue cards for non-EU citizens? Answer: generally yes, but sometimes there may be problems, the majority of your business must be in Europe, your user addresses or office should be in Europe etc.
• What documents do we need to transfer to you during registration? Answer: selfie, international passport is usually a minimum

Following regulatory, AML and payment scheme rules is critical for payment companies. We do not have a choice. This is part of the game of card issuing and we must follow requirements. However, it is good that such rules exist. They make our customers' money safer and minimize much bigger risks of running or supporting illegal activities. 

Thanks for reading. 

KYC and KYB requirements in card issuing

KYC (Know Your Customer) processes usually raise a lot of questions. In this article, I would like to summarize the most important decision points and requirements. 

KYC regulations are directly connected with Anti-Money Laundering (AML), regulatory and sometimes with payment scheme requirements. In general, every payment or banking institution must be aware who its customers are, should know the source of its customers' funds, and should have information about the ways customers use money held by the payment institution. Regulators require that payment institutions know and monitor this in order to limit the risk of supporting terrorist or illegal actions. 

The main question in every project is: "Who is the owner of the money on account?" We can have 2 situations:

1. CONSUMERS - If the consumer is an owner of the money on account, the KYC process has to happen. Usually it means that the user (consumer - not a company) needs to provide an ID document or passport and selfie, meeting or video call needs to happen to make sure that consumer is a real person signing a contract with a payment institution. There are various additional verification ways that a payment institution may require, but those are the key ones.

2. BUSINESSES - If a company is an owner of money, the KYB (Know Your Business) process has to happen. Usually it means that the user (company owner, manager etc.) not only needs to provide an ID document and make a selfie or a video call, but the payment institution needs to verify beneficiaries (the owners of more than 25% of shares in the company). 

In both cases the payment institution is obliged to check whether the consumer, business manager or business owner is not present on various sanction lists, i.e. OFAC or UN sanction list. 

These rules are critical and in fact all other implications are outcomes of them. In projects connected with launching Payout to Cards, the very first question that we need to answer is :  "Who is the owner of the money on account?" If the consumer is an owner of the account (scenario 1) - the consumer needs to go through the KYC process. If the business is an owner of the money on account (scenario 2), the KYB process will have to happen and there will be no additional KYC.

There may be non-standard situations that will require some analysis. Let me present a few interesting scenarios:

• Lendtech - a company that provides loans to consumers. Let's imagine that this company is giving a loan of 1000 EUR to a consumer. We can have a project in two versions:
  • if the consumer receives a loan on his/her personal card - then we have the KYC requirement.
  • but if a card is just a part of Lendtech account and formally the consumer gets a loan at the moment he/she takes out money from the card account - we do not have any KYC requirement; we just need to do KYB for Lendtech. It can simplify user acquisition a lot.
• Insurance - an insurance company sends insurance value to users after a claim process or just after an accident:
  • if the user receives a gift card with 1000 EUR, which is the value of the claim, and at the moment of receiving the card, 1000 EUR on this card becomes his/her ownership - we have the KYC requirement for the user.
  • but if the user receives a card with a limit of 1000 EUR and when they pay - they use the insurer's money to cover costs of the claim, we do not have any KYC requirement. KYB will be enough for us. 
• Money transfer company - let's imagine that the company sends a virtual card with 1000 EUR from Europe to the receiver in Singapore:
  • if the user receives a virtual gift card, and 1000 EUR belongs immediately to this user, we have to do KYC of this user
  • however, if users receive a virtual card with a limit of 1000 EUR and the money becomes theirs the moment they pay or withdraw funds from the card, KYC is sufficient. KYC is not required.

As you can see, there can be different approaches to KYC and KYB requirements, so it is worth reviewing the legal structure and thinking about how to improve the user experience in such projects. 

Thanks for reading. 

PCI DSS & other security requirements

Very often customers ask questions connected with security. In this article we would like to summarize key requirements connected with Payment Card Industry Data Security Standards (PCI DSS). There are other rules that we and our partners need to follow (like GDPR for example) but it will be the topic for another article. 

The most important question that needs to be answered before going into details of PCI DSS requirements is - Am I actually processing payment card data? 

Key PCI DSS requirements mentioned below apply only in case that the partner has access to card number (PAN - Primary Account Number), expiry data or other related card data. If the partner does not touch them, if the partner cannot see those numbers there is only one requirement - a simple Self Assessment Questionnaire (SAQ) needs to be fulfilled to confirm that the partner is compliant with PCI DSS requirements. 

It is very important that you choose the correct way of integration with the card issuing platform. If you use our mobile SDKs or white label products, usually you will not have access to card data and will be able to approve your project just after fulfilling SAQ mentioned above. So please consider this way of integration to avoid additional costs and risks of PCI DSS compliance. However, if you connect via API, which is a usual way of integration, you will have to comply with security rules. Please read this section twice. This is the most important - choice of integration method will be decisive if you have to or not go through annual external audits and all hassle connected with PCI DSS. 

Assuming you do process card data, depending on what your role is, different levels will be applied to you. You can be a merchant or a service provider. In simple terms, if you do the work for yourself then you are a merchant if you want to further provide the service (intermediary) you are most likely a service provider. In card issuing projects you will rather be a service provider because you offer cards to your users. Let me give some examples:

Service Provider - wallet, crypto wallet, money transfer organisation offering cards to own users etc.

Merchant - an insurance company that wants to use a card to send money to their users, a lending company that wants to send a card to users, a corporation or SME  giving business payment cards to their employees etc.

Who is according to PCI DSS "Merchant"
PCI DSS, or the Payment Card Industry Data Security Standard, defines a merchant as any entity that accepts payment cards (such as credit cards and debit cards) as a form of payment. The term "merchant" can encompass a wide range of businesses and organizations, including traditional retail stores, e-commerce websites, restaurants, hotels, and service providers that handle cardholder data.

Under PCI DSS, merchants are required to comply with a set of security standards and practices to protect the payment card data they handle. These security measures are designed to ensure the confidentiality and integrity of cardholder data, reduce the risk of data breaches, and protect both customers and the payment card industry as a whole.
PCI DSS compliance requirements can vary depending on the merchant's size and the volume of card transactions they process. Merchants are typically categorized into different levels based on their transaction volume, with higher-volume merchants facing more stringent compliance requirements.

There are 4 levels of compliance and requirements depending on volumes of cards and transactions. 

Level of PCI DSS	Your business does	What you should do
4	·       Less than 20 000 eCommerce transactions per year ·       Less than 1 million other transactions per year	·       Complete an annual Self-Assessment Questionnaire (SAQ) ·       Conduct quarterly network scans by an Approved Scanning Vendor (ASV)
3	·       20 000 – 1 million transactions per year	·       Complete an annual Self-Assessment Questionnaire (SAQ) ·       Conduct quarterly network scans by an Approved Scanning Vendor (ASV)
2	·       1-6 million transactions per year	·       Complete an annual Self-Assessment Questionnaire (SAQ) or ROC conducted by a QSA ·       Conduct quarterly network scans by an Approved Scanning Vendor (ASV)
1	·       6 million + transactions per year	·       Complete an annual internal audit ·       Conduct quarterly network scans by an Approved Scanning Vendor (ASV)

Who is according to PCI DSS "Service Provider"
According to the Payment Card Industry Data Security Standard (PCI DSS), a Service Provider is defined as any business or entity that is not a payment card brand (such as Visa or Mastercard) and is involved in the processing, storage, or transmission of payment card data on behalf of another organization. Service Providers play a crucial role in the payment card ecosystem, as they offer various services to help businesses accept and process card payments more effectively and securely.

Service Providers can include a wide range of businesses, such as:

1. Payment processors
2. Payment gateways
3. Hosting providers
4. Managed security service providers
5. Data storage companies
6. Point-of-sale (POS) system providers
7. Customer relationship management (CRM) software providers
8. Software-as-a-Service (SaaS) providers

Service providers are categorized based on the services they provide and their interactions with payment card data. Here are some common classifications of service providers based on PCI DSS:

Level of PCI DSS	Your business does	What you should do
2	·       < 300 000 transactions per year	·       Complete an annual Self-Assessment Questionnaire (SAQ) ·       Conduct quarterly network scans by an Approved Scanning Vendor (ASV)
1 (Verestro has 1 level of PCI DSS)	·       > 300 000 transactions per year	·       Complete annual internal audit conducted by a Qualified Security Assessor (QSA) ·       Conduct quarterly PCI ASV scans

Verestro has the 1^st level Service Provider of PCI DSS, which means that we have to go through quarterly PCI ASV scans and an annual external audit performed by certified PCI DSS assessors. In accordance with the principles of PCI DSS, Verestro is obliged to check if the partner is working in compliance with the PCI rules, so we will be checking what the level of transactions and cards in your case is. 

So let's remind our two possible scenarios:

Scenario 1 (The partner does not have any access to unencrypted PAN numbers) -> THIS IS THE BEST AND RECOMMENDED SCENARIO. In this scenario you will most likely use our SDKs and admin panel and full encryption of card data. Verestro will guide which Self-Assessment Questionnaire (SAQ A for merchants) is appropriate and ask a few questions (from SAQ). The document will have to be signed by the partner.

Scenario 2 (The partner can access unencrypted PAN numbers) -> in this scenario:

• Verestro will provide a Self-Assessment Questionnaire (SAQ), and ask a few questions. The document will have to be signed by the partner.
• The partner will perform quarterly PCI ASV (Approved Scanning Vendors) scans
  (cost around 1k EUR quarterly or less) - The partner can choose any provider from the PCI Security Standards Council (PCI SSC) or Verestro can recommend a supplier.
• Until the partner reaches 0,3 mln transactions/interactions annually with PAN numbers, the partner does not need to undergo an annual internal audit (in extreme situations, it is possible to require PCI internal audit from the partner).

If the partner plans to achieve 0,3 million transactions/interactions, there are two options:

• either the partner will move to a scenario that does not touch card numbers using some technology changes
• or the partner should perform an annual internal audit done by a PCI auditor (QSA)

If you would like to discuss your requirements in more detail and receive more information, please contact us. 

Thanks for reading. 

Master balance and collateral in card issuing projects

During the implementation of card issuing projects with Verestro and our partner payment institutions, we receive questions about liquidity management and collateral in card issuing projects. Let me summarize and explain the key dependencies. 

There are two important points that need to be taken into account:

1. Collateral - this is a dedicated amount of money and account which needs to be transferred by our partner to our account to cover costs of payment risks and collateral that we need to pay to Mastercard or VISA. Usually it is between 3-5 days of transaction volume. The collateral is non-refundable until the end of the project and may grow in time together with the volume of transactions. If we do not take collateral, there is a risk that in case of growth, we will have to block the partners' transactions because we will not have enough liquidity at Mastercard or VISA accounts.

2. Master balance - it is an account (in other words cash balance) dedicated to our card issuing partners where our partner stores his own money which covers fees paid to Quicko and/or transaction settlement in case of working with external balance API. There are two possible situations that affect the amount of the master balance:

• • Scenario 1 - In case External balance API is used which means that partner keeps information about user balance and every transaction authorisation is routed to partner for approval. In such a case we have to keep the Master balance of the partner up to the amount of transactions. Every transaction authorisation is verified by the partner but also on our Master balance account. A day later we have to settle money for this transaction with Mastercard so we must have enough cash on Master balance to cover this transaction amount. Every day or any time our partner transfers additional money to the Master balance to make sure that there is enough liquidity to cover costs of transactions of their users. This means that the amount on the Master balance is high enough to cover transactions of users during a day, week etc. 
  • Scenario 2 - In case internal balances are used, we have a situation where all users' money are kept at our payment institution. It means that the partner does not need to provide additional funds to cover transaction volume. In such a case the partner needs to transfer just an adequate amount to cover the amount of transaction and card fees to be paid for card issuing activities. 

In all card issuing projects both collateral and masterbalance exist so please make sure you are aware of differences between those two definitions. 

Thanks for reading. 

Pay with Rewards, Pay with Points

There are multiple use cases in where you can use virtual Mastercard payment cards. Let me explain how it works, how you can offer your users a loyalty program or another point-based program to make transactions at any merchant location. 

Let's imagine you provide a loyalty program for your users. You can also have any other point-based offering that enables rewards. You are interested in launching a program in which your users will be able to pay at any merchant location with a Mastercard virtual card. 

In such a case you could use our card issuing services with External Balance API. It would work in the following way:

1. We launch a business card program for you. We perform Know Your Business verification with you as a company. Every card issued in the program will be in fact a payment card of your company.
2. You integrate with our Lifecycle API in order to register users and request cards
3. You integrate with card issuing API to manage cards and with External Balance API to be able to authorize transactions.
4. We would also integrate your solution with Apple Pay and Google Pay, and the cards would have your visual. Thanks to this, your users could easily use them for any payment.
5. You have to decide what the value of a single point is. You will receive from our system authorization for 20 EUR and  you will have to approve or decline this transaction.
6. We will ask you to open an account at our partnering payment institution - you will have a Master balance which will cover direct settlement of payment transactions. You can reload Master balance every day. 
7. From that moment users will be carrying your payment cards in their Apple Pay and Google Pay wallets and every transaction will be routed to your system for authorization. At the moment of transaction we will use Master balance to cover the transaction cost and you will charge point balance of the user.
8. Additionally, you could limit merchants where users can make transactions and get an additional fee from the merchant for enabling transactions at a particular merchant. 

In today's payment world, such a project is easily available and not difficult to implement. There is a simplified integration and after several weeks you can go live with a new functionality. 

Thanks for reading.

Multicurrency cards - 3 implementation options

Multi-currency topic is an interesting and important concept of card issuing that usually requires some explanation. Because of the very big market of currency conversion and usually very high fees of universal banks connected with international transactions, it became popular to implement multi-currency cards. Actually the first Revolut use case, heavily promoted several years ago, was connected with this topic. So let's go into details. 

There is actually one problem that we want to solve when thinking of implementing multi-currency cards - how to enable the best and most effective card payments in an international environment? There are various approaches to this problem:

Scenario 1 - multi-currency cards and accounts

In this example we offer users multiple payment accounts in various currencies.

1. The user gets a single payment card connected with all accounts
2. In case the user pays with currency X, the authorisation system recognises transaction currency and debits account of currency X
3. In case there is no money on this account, system debits another (default) currency
   

This example is very often used, but it has a few disadvantages. The first is that the user must perform currency conversion before. It is an action before his/her travel and actually it is an unnecessary action from the logic's perspective. It should be more convenient for the user to have one account and cheap currency conversion during every transaction. But usually consumers like the solution because they can manage this currency problem in advance, see FX rate and can make decisions on how much money to convert. 

Implementation of this scenario is not easy because card issuing companies either need to enable multi-currency functionality with Mastercard / VISA  or to implement multiple settlement accounts with payment organisations and manage conversions accordingly based on transaction currency. There are additional fees that Mastercard and VISA charge for this service which can make this implementation costly.

Scenario 2 - currency conversion on single account

Another way of solving the currency conversion topic is to think about how to enable the cheapest conversion during a transaction. In this example the user does not have to convert currency before his travel. He just uses his card while travelling. I personally like this approach the most because it is easier for me but in reality many customers prefer scenario 1. 

In this scenario, to have dynamic rates, there is a need for online FX API integration and dynamic management of rates during authorisation. Usually card issuers use static conversion rates offered by Mastercard and VISA but this leads to some additional costs and margins. Ensuring dynamic currency conversion during authorization and proper conversion management may be difficult to achieve. 

Scenario 3 - multiple cards for different currencies

The third way of managing the multi-currency topic today in the virtual card environment is issuing multiple cards to multiple accounts in various currencies. In today's world this is easily achievable as the cost of card issuing went heavily down. It works in the way that users have several cards, connected with various accounts and card visuals, visible in Apple Pay or Google Pay with the currency of a particular card. The user can choose a card which is the most convenient for him/her.

In this scenario we need to offer an inexpensive currency conversion mechanism as the user needs to manage balances on each account separately and perform conversion in advance. 

This is actually the cheapest scenario of implementation.  

While thinking about the multi-currency topic, please consider various scenarios and ways of solving problems. Sometimes the default plan (scenario 1) can be very costly from the transaction processing perspective because of additional fees of payment schemes. 

Thanks for reading.

Customer service and user claims in card issuing

Once you start issuing cards for your users you will experience a wide range of various problems and requests coming from your customers. In this article we would like to summarize the most common issues so that you could get prepared. 

Those are:

1. Transactions not working
2. Problems with delivery or activation of plastic cards
3. Transaction reversals and refund issues
   
4. Fraudster activity

Point 1 - Transactions not working

The most common problem after starting card issuing is connected with performance of transactions. Your users will inform you about problems with transaction authorisations or merchant not accepting their card etc. There can be plenty of reasons of such problems. The most important are:

• User related issues - especially "insufficient funds".  User tries to pay and he/she does not have enough money on account but forgets to check. More or less 10% of transactions will fail because of this issue. You need to be ready to inform user that he needs to check his balance on account first. Another problem may be connected with users wrongly performing transaction, entering wrong PIN etc. In this case you will be able to check in card issuing system that transaction failed because of this reason. 
• Merchant related issues - 2nd biggest reason of problem. Depending on geography or country merchants and acquirers may decide to decline transaction for various random reasons. Normally it is less than 2% of all transactions. There is very little we can do about it. Sometimes you can contact acquirer, merchant or local Mastercard to check reasons and discuss how to increase acceptance and it is worth doing in many cases. But in reality this may be difficult to change. In this case you will not be able to check in card issuing system that transaction failed. You need to inform user that we do not see this transaction and he needs to contact merchant or acquirer.
• System related issues - 3rd reason of transaction failures is connected with unavailability of merchant, terminal, acquirer, Mastercard or card issuer systems. In such case transaction, most often, you will not be able to see this transaction in our system. You need to inform user that we do not see this transaction and he needs to contact merchant or acquirer.

Point 2 - Problems with delivery or activation of plastic cards

Usually, when you decide to use not only virtual but also plastic cards, you will experience various problems with personalization, delivery or activation of plastic. In various countries there may be various issues with those processes. They are usually connected with logistics or lack of easy activation methods for cards. Some of those issues can be cleaned by us during the project but for many of them we will not have good solution. Actually, in today's digital world, we do not recommend issuing plastic cards but if you need to do so, let's be ready for such problems. 

Point 3- Transaction reversals and refund issues

White paying with cards, customers will experience situations that they want to resign from transaction after some time. Sometimes immediately - and in this case reversals will be used. Sometimes after several days - in this case refund will be used. In such situations we should receive from merchant or acquirer authorization that credits transaction. We should be able to deliver this message to you so that you could increase balance of the user on account. But sometimes this process does not work correctly. If card issuer does not receive message from acquirer or payment scheme, we are unable to give you this information. User's funds may got frozen for 2-4 weeks. It is important that you understand that such things happen.

Point 4 - Fraudster activity

Any new payment activity in the world is attracting attention of fraudsters or payment mafias. There are people in the world specialised in stealing card data or making transactions with cards while having no money on accounts. This is very serious risk for you as they will be testing your systems as well. This is especially visible if you have many "Do not honour" transactions or weak Know Your Customer processes. Be ready for it. Monitor your traffic. Cards will not always work for all payment transactions, some fraud rules will block suspicious activities but your online monitoring is necessary. 

Those are key points to remember about. Please do not forget about them while launching your card issuing program with us. 

Thanks for reading. 

How to prepare for a card issuing project?

Do you want to issue cards to your users? In this article we describe what is required on your side to implement virtual or plastic cards in your applications. 

Let's imagine you are a fintech, crypto wallet, lendtech or any other company with a concrete target segment, some or thousands of users and you have a mobile application for your customers. You have decided to go live with card issuance in order to increase revenue and user loyalty. Below we describe the main decisions and steps you need to take to get ready for a card issuing program:

1. Decide on a card issuing partner - check out other articles we have on this topic in the Knowledge Center. Make sure that the partner has the necessary functionalities, legal requirements and flexibility that you can accept. Check your partner's financial standing. Contact us for more details.  
2. Analyse and describe your use cases - describe user flows, develop some initial graphs of how key processes will work. Focus on user onboarding, Know Your Customer steps, card generation and activation, card management and transaction flows. Read the Developer Zone requirements during this step to make sure you are ready to integrate without difficult customisations. 
3. Check the legal environment - try to analyse and understand the regulatory environment. Check if you can fulfill KYC requirements and how you can collect data from users. It is important that you submit a user selfie and document photos to the card issuer during the verification process. If you are working with us, please make sure that you have a European entity or branch in the EU to sign a contract with us for card issuing.
4. Verify API integration - go to the Developer Zone and analyse APIs or SDKs that you will have to connect to. If you want to avoid PCI DSS audits and associated costs, consider using SDKs. It is highly recommended if you have a large group of users. 
5. Make P&L analysis - consider the revenues from card issuing and the costs of this product. Make sure you understand unit economics. You can use articles in our Knowledge Center to start this work. Choose an affordable partner - do not think that if something is more expensive, it is better in quality. The card issuing business is a cost-based business where low level unit economics matter, especially cost per card and cost per transaction. Revenue share from interchange fees or currency conversions is even more important than costs. 

If you have checked these points, you are ready to sign a contract. Contact us sooner, let's work together. We can advise you on many of these points to build the best possible program for you. We have extensive experience in more than 30 countries on 5 continents. Make use of this knowledge to get started.

Thanks for reading. 

How can I reload payment account or card?

There are many ways of transferring money to payment account or cards. In this article we would like to explain how it can be done with Verestro and in other cases. 

Let's start with definitions so that we speak the same language. What is the card? What is payment account? What is IBAN? It seems simple but actually many customers are using those words in different way then they are. 

• Payment Account - it is a place in the system of payment institution which holds information about money stored for particular customer. Just it - a kind of Record ID in payment institution.  It is not IBAN, it is not card. 
• IBAN - IBAN is payment account number in international banking standard. This number helps sending wire transfers to Payment Account. 
• Payment Card - it is another number (PAN - Primary Account Number in terminology of Mastercard and VISA) connected with Payment Account and usually another payment instrument connected with Payment Account. Payment Card is a tool to pay using money on Payment Account and sometimes it is a way to transfer money to Payment Account. To be honest I do not know situations where Payment Card works without Payment Account. In some countries (like USA) usually Payment Account is not used in common discussions but in fact there is always Payment Account connected to Payment Card. 

Once we know those 3 definitions let's think go into ways of transferring money to Payment Account which in other words could mean ways of reloading Payment Card. There are several ways that we can use:

1. Bank transfer to IBAN - in such case user is sending money from external bank account to our Payment Account using IBAN connected with out Payment Account. Usually it is very easy, fast and effective way of transferring money in case of domestic transfers. It could be costly way of reloading account if customer is abroad. 
2. Payout to Card - in such case user is sending money from another bank or money transfer organisation using Payment Card number issued by Verestro and our issuing partner. Customer is using Mastercard Moneysend or VISA Direct to transfer money from another account to his Payment Account at Verestro. Usually it is very fast but not cheap way of money transfers.
3. Card-to-card - card-to-card transfer is used when user provides at external service another Mastercard or VISA card and transfer money to card issued at Verestro. In such case funding card (card issued by another bank) is debited and our Payment Card is credited which means that money will appear on Payment Account soon. 
4. Reload by another card via PSP, Google Pay or Apple Pay - in any wallet of our partners we can provide functionality called Paytool which enables charging another card and sending money directly to Payment Account of user. In this situation funding card is charged as if it was eCommerce transaction. User Payment Account can be reloaded quickly. 
5. Reload by partner - in many cases our partners can use own funds to reload user Payment Account. Examples of such situations are lending institutions that issue card and reload Payment Account with loan amount. Similar example could be issuing cards for insurance related claims - in such situation our partner (insurance company) adds money to user card and sends card to insured person. Usually such reload happens via MasterBalance which is account that we hold for our partners and it contains their money. This account can be used for reload as is usually used for transaction processing. 
6. Reload by crypto assets - in some cases it is possible that our partners send crypto assets and we will convert them in cooperation with our partners into FIAT currencies to reload user account.
7. Openbanking - our partners can use open banking PIS (Payment Initiation) messages to transfer money to user Payment Account. We can help with such reload tools using our Paytool product. 

Those are ways of reload we use today. We are happy to work on other ways of money transfers and enable new ones. 

Thanks for reading. 

Card Lifecycle Management

Once launching card issuing projects, our customers usually forget that it is a long-term activity that requires constant verification and improvements. It is very important that you understand and manage your card holders and use best practices in card lifecycle management. Let me summarize key activities from a timeline perspective. 

Stage 1 - choosing a card issuing partner

Obvious step. Everybody focuses on financials and technical integration. Very few people check value-added services and other products. Almost no one is aware of PCI DSS & other security requirements that will make your life easier on stage 4 and later ones. Another common mistake is that you do not check the financial stability of your card issuing partner as if it is not important for your business and users. 

Stage 2 - implementation

Obviously important. No comments. Check Dev Zone and implement. Make sure your developers read specs carefully. Make sure you understand AML and KYC regulations so that you can comply with rules and the project can be built on strong fundamentals. A common mistake is not to consider Stage 4 - card lifecycle management processes are forgotten.

Stage 3 - launch 

Everybody focuses on this moment, plans campaigns, distributes cards. And usually this is the last implementation step of this new product. It is a mistake. 

Stage 4 - card lifecycle management

Once you are up and running, it is very important that you are able to monitor your portfolio, create reports, organise personalised campaigns and manage your portfolio in a very active way. There are several rules to follow in order to maximise your portfolio's earnings and performance. The most important ones are summarised below:

• Portfolio Manager - have people that will be responsible for the management of your portfolio. 1 person is enough at the beginning. Make sure these people understand goals and work to make your cardholders active
• Reporting system- make sure you have a flexible reporting system that gives you information not only about the number of issued cards and transactions, but more importantly on the behaviour of various customer groups:
  • have reports how many customers used the card after 1-2 days, be able to find the user IDs
  • have reports with customers that used the card after 5 days, 15 days, 30 days
  • have reports on inactive customer groups
    
• Actions - be ready to act basing on the user behaviour
  • once you see that your customer is not using the card after 1-2 days - send him/her a notification or an educational reminder
  • once you see that the customer is not using the card for 15 days - maybe you should send a small digital gift to the customer and deliver it if he/she starts using card
  • if you see an inactive customer after 30 days - ask them why they are not using the card; maybe you will get a correct feedback
• Reporting - again and again check if your actions work correctly. What is their success rate? How are your customers changing their behaviour? 
• P&L analysis - make a detailed analysis from a financial perspective, incentivise users to do transactions that are bringing more revenue, think of increasing monthly fees for non-active users
  
• Quality reporting - check the quality of your services, ask users for feedback regularly, collect information, analyse it, make actions to improve
• Value-added services - think of launching new services that can improve performance of your portfolio. Maybe a voucher-based ending, card-to-card money transfers, loyalty programs etc. Ask us for best practices and tools that are easy to use.
• Education (super important) - never underestimate the importance of educational messages. You can teach customers how to use the card on the internet, tell them how to tokenise the card in Apple or Google Pay, show them how to pay at ATMs. Card issuers tend to forget how cheap and profitable it is to work on user education. Do not assume that everyone everywhere uses payment cards the way you use them today. People sometimes do not know how to use 3DS, they are afraid to use it, etc. Work on that.
• Learn, change, improve... 

Card issuing is a long-term activity. Please do not think that you will launch it and everything will work properly. You should be constantly working to attract more users and teach existing users how to use the cards so that they add real value to your business. Good luck!

Thanks for reading.

VISA or Mastercard?

Sometimes our customers ask if it is better to issue VISA or Mastercard cards. In this article we would like to answer this question. 

Main payment schemes

There are two main payment schemes in the card area that have almost monopolized global card business - VISA and Mastercard. Next to them there are several local schemes, sometimes going global that are also worth thinking of in more sophisticated global projects (like UnionPay China, JCB Japan, EC Karte Germany etc.) but in general in majority of projects you will do the business decision if you prefer to issue VISA or Mastercard cards. 

In one sentence the answer is - usually it does not matter. But if you go into details, depending on the country or type of the program there may be some important differences worth considering.

Key decision points

Below we present some important decision points:

1. Financial and marketing support - depending on the country and type of program VISA or Mastercard can decide to support your program financially or from some marketing assets. If so, it makes sense to consider this as an important factor in the decision making process. Check with your card issuing partner if there are such possibilities. 
2. Interchange differences - in some countries (outside of the European Union) there are slight but important differences in Interchange Fees which in the end means that you can earn more from every transaction. Check with your card issuer if such a situation exists on your market. If you are going to offer cards globally, it may also be possible that inter-regional (inter-continental) transactions will be more profitable in one payment scheme. So it is worth checking.
3. Cost factors - usually fees connected with a card issuing program will be dictated by your card issuer or BIN Sponsor but in some cases a card issuer may have different fees depending on the cost of VISA or Mastercard transaction fees. 
4. Special local or global card benefits programs - both Mastercard and VISA are developing various loyalty, discount, value added services that can make your program more interesting for users. In Poland, for example, Mastercard is running a very attractive card benefit and loyalty program called "Priceless Specials". It is worth checking as it may be an important value added for your portfolio and users that may be much more important than any financial details.
5. Brand and acceptance - in 95% of countries there is no visible difference in acceptance and brand between VISA and Mastercard. But in some cases it exists. For example if you are going to issue cards in Hungary - Mastercard is much more popular and customers are used to it. It is worth checking before making a decision.
6. Educational and consulting support - it can be valuable help. In various projects, countries or regions payment schemes can have services or people that can help you a lot in defining a good value proposition and important details of a card issuing program. This may be very valuable as very often employees of Mastercard and VISA are very professional, have a lot of knowledge and can help you in developing your portfolio. If you have such support, try to use it. 
7. Shareholding connections - in some cases (like Verestro) one of the payment organizations (in our case - Mastercard) will be a shareholder of your partner. It may be very valuable as you will have in-depth support of the payment scheme and card issuer. It may be useful in various situations, difficult cases connected with rules etc. Make use of such cases, if you can. 

Conclusion

Those are the main differences. It is worth considering. In the majority of cases your partner in card issuing will have some preferences and sometimes there will be no choice. But it is certainly worth considering when deciding which card issuer and payment scheme to choose. 

Thanks for reading.

Card Benefits in card issuing projects

Once you are launching your card program it is important to think about additional benefits that you can deliver for your users or products that can increase the value of your program. In this article we will show a few ideas and examples that you can use to enhance your card issuing project. 

How to strenghten your card issuing program? 

• Education and messaging - the most important but very often forgotten. No cost benefit. Just start teaching your users how to use cards, how to behave in a secure way, how to pay on the internet, how to connect to Apple Pay or Google Pay etc.  Build ways or use our white label ways of communication. It will pay back for sure.
• Enable new ways of payments - enable new ways of payments for your users. Teach them how to use their card in a friendly, secure, internal environment. Maybe they can buy something on your platform, maybe you can enable money transfer from cards etc.  Thanks to such activities you will teach them how the card works and what they can experience. You will lower the level of fear and risks they may fear at Point-of-Sale.
• Insurances - think of launching a program with insurances. This became very popular 10-20 years ago in the card business. Many banks give users additional insurances that they can buy in their apps. Insurance is an ideal product  and card benefit because it increases security feeling among your users. Examples of such insurances are eCommerce payment extended insurance, lost & theft insurance, travel insurance etc.
• Point based loyalty program - think of launching a point based loyalty program or join an existing one. We are using the Priceless Specials program done by Mastercard. This can be a strong added value that you can communicate. You can also increase revenues thanks to it and increase cross-selling if you start giving points to users for using non-card based services that you are selling. It may seem difficult to implement but actually it is not. 
• Voucher based loyalty program - once you have a growing number of users you can start arranging special promos with eCommerce or offline merchants. We can help with it as we are building a network of such partners. Thanks to such activities your users will get additional margin or cash back and it will increase retention and happiness of your customers. 
• Premium cards - maybe it is worth thinking of launching new gold, platinum or World Elite cards for your users. Maybe you could offer much better VIP service, together with a concierge for much higher fees. It is very popular among banks and it is one of the easiest ways to increase profitability of the portfolio. 

There may be more activities but these are the ones that you can implement relatively quickly in order to offer better service and increase revenue.

Prepaid, debit or credit cards - the main differences

Before launching a card issuing program, our customers consider which card product to use. In this article we will summarize the key differences and considerations. 

There are three main groups of payment cards: pre-paid, debit and credit cards. Below we summarize the most important differences.

Prepaid cards

• user has to reload a card account to use a card (like in debit cards by the way)
• you can issue anonymous, non-reloadable gift cards
• in some cases merchants block BINs of prepaid cards more often than for debit or credit cards
• you can have consumer and business prepaid cards
• in many countries, from legal perspective, there is no difference between prepaid and debit cards

Debit cards

This is the biggest group of cards in the world:

• user has to have a payment account or current account connected with a card
• user has to go through a KYC (Know Your Customer) process
• user has to reload a payment account to use card
• usually you cannot issue anonymous cards, because in general they are always reloadable
• sometimes, if you give a loan to your customer, a debit card can work like a credit card
• you can have consumer or business debit cards
• you can have Gold or Platinum debit cards

Credit cards

• user applies for credit and gets it in the form of a card
• usually connected with a revolving credit (something like credit line) and a grace period (no interest for 40-50 days)
• because of the credit, the user needs to go through KYC and credit scoring, so it is more difficult to issue than prepaid or debit cards
• you can have Gold, Platinum or World Elite credit cards
• you can have consumer or business credit cards
• usually an interchange fee is a bit higher than in case of debit cards
• sometimes approval rates for transactions are higher, some merchants (car rental) require credit cards from their customers
• because credit line is connected with this product, usually it is more profitable than a prepaid or debit portfolio

These are the main differences between the above mentioned products. In most cases, you should be thinking about debit cards because they give you the same benefits as prepaid ones, and you can convert them into credit cards by giving loans to your customers.

Tips to avoid problems when implementing card issuing

So you have a good business case for issuing cards for your customers and you found a perfect vendor who can provide formal and technical services in this area. Right after signing the contract you’re ready to implement. What now?

Now it’s time to make sure that the implementation will be as smooth as possible and you and your team won’t get stuck on some of the common problems that may happen in the project. Of course each vendor has his own approach, but let us explain how to avoid some of them based on Verestro’s experience.

Preparing everything for you takes a moment

Depending on your particular setup we will need 4-8 weeks to prepare everything for you. From dedicated environments so that your customers and their cards will always be safe and secure, to ensuring that you will be able to use the cards in Apple and Google wallets and that your proper logo will appear in the 3DS confirmation screen when customers will be paying online. In the meantime you can focus on understanding all the APIs using Sandbox environment and make sure that your team is ready for the work in front of them – for example by analyzing the documentation carefully. Our services will be available for you one by one, so you don’t need to wait full 8 weeks to start implementation – usually first work on your side starts after 2-3 weeks from the kickoff meeting.

Test and adapt

Everyone is always eager to launch the product to final customers – that’s obvious. But it’s good to plan an extensive testing phase that will limit the potential volume of incidents that may happen once you’re live. A simple successful transaction done in ecommerce and brick and mortar POS is a very good prognosis, but should not be the end of testing phase. Take into account different scenarios and edge cases (like reversals and refunds – or even partial reversals). Take into account that there are many players in the world of payments and that a simple transaction is actually a connection of several backend systems (acquirer, issuer, payment network, additional vendors). The more you test, the less surprises will be there in the end.

Knowledge and understanding is key

Issuing cards and processing transactions is unfortunately not like riding a bike – it’s easy to forget. During the project with Verestro you’ll learn a lot about the world of payments and cards. Make sure this knowledge is gathered on your side and distributed between team members.

Plan your MVP

Rome wasn’t built in a day. Best banks did not simply appear in a moment. Issuing cards is a vast topic that requires a lot of iterations to make sure the basics are solid. It’s always good to start with essentials:

• Create user
• Create their balance
• Issue first card
• Digitize the card in Apple/Google Wallet
• Make first eCommerce transaction (with 3DS)
• Make first POS transaction
• Run ‘friends&family’ phase within your company
• Then start adding features and more functionalities

If you’ll start focusing on ‘nice-to-have’ features too early in the process, you may loose sight of more basic processes what may cause delays in the whole project.

Having all of that in mind should make your project more streamlined and effective.

 

Author: Adrian Durkalec

Know Your Customer – in-house or outsourcing

From time to time, our customers ask us whether it is better to perform Know Your Customer activities in-house or to hire a company to do it for them. In this article we would like to answer this question.

KYC activities are very important. On-boarding your customer is actually the first process that the customer uses, so smooth processes are critical for our future relationship with a particular customer. If the process does not work correctly, the customer can block and all our marketing and acquisition efforts will be useless.  But how to do it right?

You can have 2 general scenarios:

Scenario 1 – build KYC in-house

You can start building this process yourself using your IT team. Actually, it is not so difficult. The process consists of a few obligatory steps that have to be performed by user:

1. Get user data
2. Get user photo or video
3. Get pictures of user’s document or documents
4. Check sanction lists
5. Approve / decline / get into interaction

It seems to be easy 😊  but actually it is not so easy. There are some security and legal regulations that need to be fulfilled. There are specific requirements of payment institutions that will have to be fulfilled. You need to collect this knowledge, be ready to update your systems. Additionally, you have to think of automatizing this process on your side so that the user does not wait too long for approval of their application. From a financial perspective it sometimes can be much cheaper than automated KYC. Let’s do a quick calculation. If you hire a person and pay 10 EUR per hour to this person for performing KYC activities you can imagine that such a KYC employee will perform simple consumer KYC actions (verification of data, photos etc.) for one customer during 1 minute. It means that the cost of processing a single application is 10 EUR divided by 60 minutes = 0,16 eur per user!!!

Additionally, if you need to perform regular scanning of sanction lists, avoiding per user costs becomes more critical because there may be requirements that users are scanned against sanction lists once per month… If you have 0,1 eur cost per such scanning it means that you have variable cost of your operations. Very important disadvantage.

Advantages:

• Full control over the process
• Possibility of changing process in-house after product launch
• Full control over costs
• Possibility to avoid variable costs per user
• Possibility to avoid recurring costs per user
• Quicker responses to regulatory complaints as everything is in your system
• No dependency on external partners

Disadvantages:

• You need to spend time and energy on this process
• Time consuming process
• High fixed costs (team to develop and update the system)

Scenario 2 – outsource KYC

In this scenario you perform a tender and choose the best KYC provider for you. You can be quick with this process, you will get all technology this partner has but you will have to pay per user and maybe for some development and customizations. You will have an outsourcing company that most likely will have to be officially registered at your regulator as you are outsourcing anti-money laundering processes to this partner. It is definitely an easier process at the beginning of your journey but think about dependencies and cost.

In the long term you may also encounter problems with your partner that some specific requirements or unhappy path for your users does not work correctly. You should not think that you can automatize 100% of your on-boarding processes and you do not need to hire anyone. You must have some manual process, possibility to check application yourself and you must hold data yourself for future use.

From a financial perspective – you will have to pay per user or sometimes recurring fees per verification additionally. This may be a heavy cost for your business model. I think that this long term dependency is the critical disadvantage and you need to be careful.

Advantages:

• Quick time-to-market
• Professional processes achieved quickly

Disadvantages:

• High variable costs – clicks per user, monthly per user etc.
• Dependency on particular vendor
• Tendency to forget that you must have manual processes built together with such partner
• Risk of regulatory incompliance in case you do not monitor partner correctly

Summary

It is a difficult choice. In our opinion, in the short-term, it may be better to involve a 3^rd party. However, in the long term, risk of dependencies, partner stability and variable fees seem important and you need to carefully consider if you do not want to have those capabilities in-house. Please also remember that while implementing 3^rd party automatic solutions, you must have a manual process ready to process unusual customers.

Our services in this area are focused on this strategy. We use both 3^rd party vendors and an internal system for managing KYC processes for ourselves and for our customers.

Reverse solicitation – marketing & promotion of card issuing in multiple countries

One of the limitations in global card issuing and account opening activities is connected with licenses and regulations for particular countries. Payment institutions have Mastercard or VISA licenses for particular countries as this is the way Mastercard and VISA systems work. In the European Union it is possible to get a license for the whole region but in other countries and regions you must get a license per country.

This makes the process of card issuing difficult in today’s digital economy because you usually do promotional and marketing activities in multiple countries. You have users from Europe, Asia, Africa, Americas and other continents. It would not be smart to limit your payment services only to users from particular countries.

This is a critical point and you should be discussing this point with your card issuer at the beginning of your cooperation with them. The answer to this problem is not easy or white-black. There are some important considerations that we present below:

• Multi card issuing and multi card processing – we believe that integrations with multiple card issuers that have licenses in multiple countries is critical for the success of global programs. Verestro works with payment organizations in multiple countries and solves this problem globally. In such cases, those problems disappear.
• Regulatory compliance – your payment institution must check if it is legally possible to open a payment account and provide payment cards to users from many countries. In case of Quicko (our BIN sponsor) we are allowed to open payment instruments and accounts to users from multiple countries assuming we fulfill AML requirements
• Mastercard and VISA rules – Mastercard and VISA give licenses for particular countries. It is impossible to get a license for all countries. There are some specific processes to get approval for program in other countries than you have payment scheme license but it is not clear in fact and there are some risks for every program

There are some general rules that you should follow as our partner so let us describe it:

1. You should be able to prove that the main focus of your marketing actions is in Europe if your card issuer is based in the EU. We may ask some additional questions. Mastercard can have a look at places where transactions are happening etc. Try to focus on Europe.
2. You should be able to provide proof that even if we are distributing cards to consumers living abroad there is an economic interest of those people in Europe. Maybe they travel to Europe, maybe they have employees in Europe etc.
3. If you are distributing cards to companies, make sure they have headquarters or offices located and registered in Europe.
4. The best would be that your users have resident addresses in the European Union that they are registering during card on-boarding. This solves all the problems.
5. We would like to be aware of your marketing activities in countries outside of Europe. It is important that we are aware, maybe we inform local Mastercard so that they are aware.

Our intention in the long run is to solve this problem by working with multiple partners globally and grow with licenses to other countries together with our customers. Don’t hesitate to contact us if you want to do global card issuing business.

Interchange Fees and Service Fees - rates and rules

Disclaimer. This article shows in some detail the topic of Interchange Fees. It is presented in the best way to make business decisions, but unfortunately this topic is very complex, so it does not cover 100% of information. If you need 100% of information, please check the Mastercard and VISA interchange manuals. Please take into account that this article is written in May 2024, we will try to update information regularly, but make sure you get up-to-date information before making final business decisions.

Introduction

Interchange Fees and Service fees are fees that the issuer of cards gets or pays from/to an acquiring institution to cover cost of payment transaction or payment instrument. Those are fees connected with using Mastercard or VISA cards that are dependent on the decision of payment schemes and they improve or decrease P&L from card issuing activities. In Mastercard manuals they have the following definitions:

• Interchange Fee —The fee that passes between the acquirer and the issuer with respect to the interchange of a transaction conducted at a merchant, the “purchase” part of a “purchase with cash back” transaction or a merchandise transaction conducted at an ATM terminal, including a chargeback, second presentment and reversal of such a transaction.
• Service Fee —The fee that passes between the acquirer and the issuer with respect to the interchange of any other type of transaction, including a manual cash disbursement transaction, ATM transaction, PIN-based in-branch cash withdrawal, “cash-back” part of a “purchase with cash back” transaction, refund, or payment transaction (such as MoneySend or Gaming Payment Transaction), including a chargeback, second presentment and reversal of such a transaction.

This is quite a complicated topic and we will not be able to cover all details in this chapter but let us try to answer 90% of questions coming from this area. There are several factors impacting the level of interchange. The most important are:

• geography - in which the country transaction was performed. Usually Interchange is higher for transaction performed in other countries, especially other continents
• type of card - consumer vs business, debit vs credit.  Consumer cards usually have lower interchange than business cards. Debit cards usually have lower interchange than credit cards.
• type of transaction - there may be different interchange for transactions performed online or offline, face2face POS or eCom merchant, bill payment or government, contactless vs chip&pin etc.

Let's start with information about types of interchange from geography point of view. There are 3 important groups of transactions:

• domestic transaction - transaction performed at Polish merchant, Polish acquirer with card issued in Poland
• intra-EEA transaction - transaction performed in one of EEA countries (see below), EEA merchant, EEA acquirer, Polish or EEA card issuer
• intra-European transaction - transaction performed in one of Eastern European countries (see below), Eastern European merchant, Eastern-European acquirer, Polish or EEA card issuer
• inter-Regional transaction - transaction performed in any other country, usually another continent, with card issued by EEA issuer

The Mastercard EEA subregion where we are located today for purposes of the application of intra-EEA interchange fees includes the following:

• the Member States of the European Union: Austria, Belgium, Bulgaria, Croatia, Czech Republic, Cyprus, Denmark, Estonia, Finland (including Aland Islands), France (including French Guiana, Guadeloupe, Martinique, Réunion, Saint Martin [French Part], and Mayotte), Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal (including Azores and Madeira), Romania, Slovakia, Slovenia, Spain (including Canary Islands, Ceuta, Melilla), and Sweden
• and Iceland, Liechtenstein, and Norway (including Svalbard and Jan Mayen), Andorra (for transactions with above mentioned countries).

The Mastercard Western subregion includes the following: • All EEA subregion countries/territories previously stated • Switzerland, Andorra, Monaco, San Marino, and Holy See (Vatican City State), Antarctica, Greenland, Faroe Islands, Saint Barthelemy, Falkland Islands, Guernsey, Isle of Man, Jersey, Saint Helena, Ascension and Tristan Da Cunha Helena, South Georgia and the South Sandwich Islands

The Mastercard Eastern subregion includes the following: Albania, Armenia, Azerbaijan, Belarus, Bosnia and Herzegovina, Georgia, Israel, Kazakhstan, Kosovo (United Nations Mission in Kosovo), Kyrgyzstan, Macedonia, Moldova, Montenegro, Russian Federation, Serbia, Tajikistan, Turkey, Turkmenistan, Ukraine, and Uzbekistan.

Additional complexity comes from types of cards. There is different interchange for :

• debit consumer cards
• credit consumer cards
• business debit cards
• business credit cards
• Premium cards (usually credit)
• etc. 

Let us simplify this topic by creating a few tables with the most important Interchange Fee examples that we recommend to use for your business calculations.

Consumer standard Mastercard debit cards for cards issued in Poland (Polish BIN)

Domestic transaction	0.2% some local interchange levels apply for government, bill payment - usually max fee level is defined in those programs.
Intra-EEA transaction	0.2%
Intra-EEA ATM Service Fee	0.5 EUR + 0.12%
Intra-European POS transaction	0.59%
Intra-European full 3DS transaction	1.19%
Intra-European ATM Service Fee	1.3 EUR + 0.2%
Inter-regional transaction POS	1.6%
Inter-regional transaction full 3DS	1.54%
Inter-regional ATM Service Fee	0.3 USD + 0.6%

Consumer Premium Mastercard debit cards for cards issued in Poland (Polish BIN)

Domestic transaction	0.2% some local interchange levels apply for government, bill payment - usually max fee level is defined in those programs.
Intra-EEA transaction	0.2%
Intra-EEA ATM Service Fee	0.5 EUR + 0.12%
Intra-European Premium POS and 3DS transaction	1.55% for Platinum
Intra-European ATM Service Fee	1.3 EUR + 0.2%
Inter-regional transaction POS and full 3DS	1.85%
Inter-regional ATM Service Fee	0.3 USD + 0.6%

Consumer Super Premium Mastercard debit cards for cards issued in Poland (Polish BIN)

Domestic transaction	0.2% some local interchange levels apply for government, bill payment - usually max fee level is defined in those programs.
Intra-EEA transaction	0.2%
Intra-EEA ATM Service Fee	0.5 EUR + 0.12%
Intra-European World Elite transaction	1.8%
Intra-European ATM Service Fee	1.3 EUR + 0.2%
Inter-regional transaction POS and full 3DS	1.98%
Inter-regional ATM Service Fee	0.3 USD + 0.6%

Consumer Mastercard credit cards for cards issued in Poland (Polish BIN)

Domestic transaction	0.3% some local interchange levels apply for government, bill payment - usually max fee level is defined in those programs.
Intra-EEA POS transaction	0.3%
Intra-EEA ATM Service Fee	0.5 EUR + 0.12%
Intra-European POS transaction	0.59% for Platinum
Intra-European full 3DS transaction	1.19%
Intra-European ATM Service Fee	1.3 EUR + 0.2%
Inter-regional transaction POS	1.1-1.6%
Inter-regional full 3DS transaction	1.54%
Inter-regional ATM Service Fee	0.3 USD + 0.6%

Business Mastercard debit cards for cards issued in Poland (Polish BIN)

Domestic transaction	0.2% some local interchange levels apply for government, bill payment - usually max fee level is defined in those programs.
Intra-EEA POS transaction	1.5% (minus 0.3% if acquirer meets some criteria)
Intra-EEA full 3DS transaction	1.75% (minus 0.3% if acquirer meets some criteria)
Intra-EEA contactless transaction below EUR 25	0.8%
Intra-EEA ATM Service Fee	0.5 EUR + 0.12%
Intra-European POS chip&pin transaction	1.7% (minus 0.3% if acquirer meets some criteria)
Intra-EEA contactless transaction below EUR 25	1.15%
Intra-European full 3DS transaction	1.95% (minus 0.3% if acquirer meets some criteria)
Intra-European ATM Service Fee	1.3 EUR + 0.2%
Inter-regional transaction POS and full 3DS	2.0%

BIN Range or Separate BIN in Card Issuing

Our customers usually ask if it makes sense to issue cards on a separate BIN fully dedicated for a particular project or just use BIN range and share it with other partners. Let me focus on this topic in this short article. 

BIN range

There are not so many disadvantages of dedicating a BIN range for your project. In many cases this decision will be much better. Key reasons:

• The project is cheaper as we do not need to implement a new BIN with Mastercard or VISA for you. It is a saving of around 20.000 EUR and monthly maintenance costs are cheaper as well (500-1000 EUR monthly).
• The project is faster for the same reason. It is a saving of around 3-4 months.
• The setup of the BIN range is easier from an operational perspective, so you and we do not consume more mandays for the project.

The only slight disadvantage in such an approach is that there may be a situation when this BIN gets compromised because of some user behavior. It is a very rare situation but it could happen. If you share the BIN with other customers, there is a risk that you will have to change the BIN and cards for customers because of the actions of other customers. We believe that this risk is very small - it has never happened in our history.

Separate BIN

Some people believe that if they have "own" or "dedicated" BIN, the project will be much better. In reality it is not so. It is only more expensive and slower (see above). There is more work and some additional risks connected with the new BIN setup. However, the advantage of a separate BIN is the same as mentioned above - you do not share the BIN with other partners, so in case of BIN compromise, you will know that it happens because of your actions. 

I do not see any additional big differences, disadvantages or benefits of using a separate BIN. 

Thanks for reading. 

Guide to IBAN setup process

In this article we would like to focus on IBAN, bank accounts delivery to your customers. This topic is raising a lot of questions and requires attention.

Let's assume that you would like to offer IBANs for your customers. If you are a fintech provider, money transfer organization, lending company, eCom marketplace, it could make a lot of sense as a value added product. In such a case Verestro, together with partnering payment institutions and banks can provide you IBANs via API or inside our SDKs or white label products and your customers will be able to transfer money to and from those bank accounts in the same way they do it in normal mobile or internet banking. 

But what happens in the background? How does it work?

There are a few dimensions that we need to remember about once enabling the IBAN product - technology, money movement, money holding, liquidity management etc. 

Technology

From a technology perspective it is not very difficult. You just go to section IBAN management in our Developer Zone and can find APIs. Please remember that you must create a user first in our database, perform KYC in majority of cases, create a balance or account for this user and once it is done you will use this IBAN API to create an account number (IBAN) for this payment account.

In the background, during project setup and operations, Verestro and our partnering payment institutions create for you a set of IBANs from one or more banks that will be used in case you request IBANs or transfers via API. Once transactions come to this IBAN, technically you are receiving information from our system that the balance of the account changed and you can display this information to the user.

Money Movement

By Money Movement we mean a process of transferring real money from sender to receiver. Because we are using various payment institutions and banks behind our system, it is worth discussing. There are the following steps in this transaction:

1. Sender sends money to IBAN of your user generated at Verestro platform
2. Our partnering payment institution or bank receives information about incoming transfer to this IBAN
3. Verestro platform informs you about the incoming transfer and optionally initiates movement of money to another bank which acts as settlement bank for your transactions. This happens in case IBAN is generated in another payment institution than Settlement Bank
4. Money gets available on user or your account or for settlements of card transactions at the moment it arrives at Settlement Bank (usually you do not experience any problems as it is at D+1 time)
   

Money Holding

In all cases money is held by banks cooperating with Verestro so they are secure in the same way as any other banking account in those banks. We cooperate only with strong and reliable banks in various countries (usually based in Poland).

Liquidity Management

In some cases once you are receiving and sending money from and to IBANs, in order to avoid delays of money transfers between various payment institutions and banks, it is necessary to place and manage additional liquidity benefits so that your users could send money faster. We will inform you about such situations during the project depending on the requirements and use case we are going to implement together.

Thank you for reading. 

IBANs, cards, balances - how to manage all of this?

Once you are starting a payment account and/or card issuing project you need to learn key definitions and relations between those various parameters.

Balance ID - this is a real "account" in the Verestro system. This number is connected with User ID and means that the user has an account and balance in our system. The user can keep money on this Balance ID.  Of course, one user can have multiple balances but a single balance can belong to one user only

IBAN - this number is often mixed with Balance ID.  IBAN is a number through which the user can receive money to his balance via wire transfer. IBAN is not a balance ID. Generally it does not make sense to have more than one IBAN for one balance. Normally you issue one IBAN for one balance. Usually a user can have more IBANs and balances if he wants to keep money on separate accounts, in various currencies etc.

Card number - easier to understand, just a card number issued to a particular balance ID (not to IBAN!). A user can have multiple cards connected to one balance ID.

Once preparing to project with Verestro, please learn the above definitions. More info here: https://developer.verestro.com/shelves/card-issuing-ibans