| This is a pretty poor article, unsurprising coming from an arm of the Russian government that employs Julian Assange. Here's a summary without any politics or conspiracy theories. So, each payment that Visa or Mastercard process comes with a risk. If that payment was made with a stolen card, Visa and Mastercard are on the hook for it. Because of that, for example, the fee the merchant pays per transaction can be wildly different depending on its nature. In-person transaction with a signed receipt at a coffee shop: pretty safe. Internet payment: riskier. Require a CCV from the customer, a bit safer. Customer is from a foreign bank? Risky again. Online pharmacy: even riskier. Check this out:
http://www.mastercard.com/us/merchant/pdf/MasterCard_Interch... Merchants also are subject to credit checks... they do a lot to make sure they won't be on the hook for a bunch of chargebacks. Some categories of purchase are considered too risky to even consider. From Visa/Mastercard's perspective, if you're going to be receiving a ton of donations from paranoid hackers who took down your own website and probably think they're being tracked and monitored by the US government (which they very well may be), it's probably safe to guess there may be some stolen card numbers in there and are not going agree to let payments to Wikileaks go through their system. So, Wikileaks and their data host came up with a brilliant idea: their host, DataCell, will sign up to receive payments with their credentials, and then it'll give the money they raised to Wikileaks. They entered into a contract with Valitor (which isn't a subsidiary of Visa or anything: it's just one of three card processors in Iceland, who handles acquiring services for Visa and Mastercard) saying that they will be collecting payments for their data hosting services. They write a donation page and get everything set up, test it out, and then after a couple weeks turn it on. About a week after that (or possibly the same day, according to one source http://www.bloomberg.com/news/2012-07-12/iceland-court-order...), Visa and Mastercard call Valitor up... kinda like how they call you up if you make an unexpected $1000 purchase in another country out of the blue. They say, "hey, you guys are sure selling a lot of servers, or whatever. What's going on there?" Valitor has to come clean and say that people are paying Datacell with the expectation of that money going to Wikileaks. Visa and Mastercard say, "oh, that's pretty clearly not what we signed up for here: this is, like, millions of high-risk payments. You're gonna have to cancel that account." And they do. So now Datacell sues them for breach of contract. The contract pretty clearly states that Datacell is not allowed to use their account to process payments for other parties. This is Valitor's only defense. Datacell's argument is super weak. They say they are not processing payments for other parties, but that their core business includes allowing their customers to collect payments. The payments intended for Wikileaks are part of the principal business and they're collecting that money to offset the cost of paying Wikileaks. The judge pretty much ignores that argument but finds in favor of Datacell anyway. Valitor had full knowledge going into the contract that DataCell was going to be processing payments for Wikileaks. Its employees provided help in designing and creating the Wikileaks website, and they tested the website for them. Because Valitor knew this was going to be used for Wikileaks fundraising, they cannot now argue that that isn't allowed by contract. So, Valitor will appeal this decision, but if it holds up, they'll probably just wind up going out of business (unless they decide $6000/day is affordable). Visa and Mastercard are just gonna turn them down as customers because this was some fraudy shit they pulled. They'll go out of business, and Icelandic merchants will just have to sign up with one of their two competitors instead. |
Except not really. The bank passes on full liability to the merchant that accepted the payment. When the chargeback occurs, the payment is taken back from the merchant, plus a bunch extra as a chargeback fee to cover the costs of pushing around the forms between banks and taking the report from the cardholder over the phone. Knowing this only works when the merchant still has the money to take back, any hint of a merchant going over 1% of their monthly volume in chargebacks will generally trigger the bank to start holding back some or all of their payments in a reserve fund to cover the potential chargebacks.
The only way for the bank to be on the hook is if the merchant (like Wikileaks) passes the risk assessment enough to start accepting cards, and has a clean chargeback record up until the point a massive number of them come in, AND when the bank tries to recover that money, the merchant's already drained their bank account so there's nothing to recover.
If that happens, the bank's screwed, but Visa's still perfectly happy having taken 1-4% of every charge, even the fraudulent ones, with no liability for the stolen cards.
Why bother expanding on that tidbit? Because if Visa has zero liability, then why would Visa corporate be telling anyone not to accept cards from Wikileaks? That's not normal. The people that decide who can accept Visa cards are the underwriting departments at individual banks that back merchant service providers, not employees at Visa Inc.