It’s February, the month of love. Just once, wouldn’t it be great to receive a little candy heart asking you to “Be Mine” instead of more forms to fill out and documents to submit? Of course, regulatory compliance does have one important thing in common with romance: Fail to put in the work, and your relationship is likely over — your relationship with the card brands, that is.
Adult content policies have been front and center since October 2021, when Mastercard instituted its adult content policy requirement. Visa followed suit with its Visa Integrity Risk Program (VIRP) in April 2024. Merchants can find themselves in the hot seat if they neglect to submit the required adult content questionnaire and supporting policies, which are now a standard part of any onboarding package, whether with a bank or a payment facilitator like Segpay, CCBill, Epoch or Vendo.
Merchants can find themselves in the hot seat if they neglect to submit the required adult content questionnaire and supporting policies, which are now a standard part of any onboarding package, whether with a bank or a payment facilitator.
In the past, payment processors would request these policies, then review and hold them on file in case the bank or card brands request to review them. Things have changed, however. Acquirers now mandate that processors pass these policies on with every new merchant submitted. Banks request these documents when conducting their own annual “know your customer” (KYC) checks. Not only are the banks reviewing your policies, they’re also testing to make sure you are actually following them. This is slowing everything down. It can now take weeks or longer to onboard a new company or a new URL.
Faced with this intensive process, many merchants have been requesting our guidance. Let’s review the five policies you need to stay on top of to make sure everything stays lovey-dovey between you and the card brands.
Content Management Policy and Procedures
This is by far the largest of the policies and applies to all merchants. The policy must clearly explain how you perform age and identity verification of content providers and review content prior to publishing. This includes merchants with studio-produced content, live cams or fan sites. Livestreaming platforms must outline how they moderate their streams, what software they are using and what human review is being done. The policy should also explain how content is removed from a livestream if it violates your terms of service or any card brand rule. The policy should outline what content you accept.
Your content policy should fall in line with card brand rules at a minimum, and can be expanded beyond those regulations to meet your risk appetite. The policy should outline what controls you have in place to prevent your website from being used to promote or facilitate human trafficking, sex trafficking, physical abuse or prostitution. Even if your website is selling produced content, it is best to outline how you vet the producers from whom you buy and review their policies on human trafficking. The policy should also include a section on affiliate marketing and how you prohibit marketing or search terms alluding to child exploitation, depiction of nonconsensual activities and other illegal content.
Consumer Age Verification Policy
Visa made consumer age verification a requirement when it rolled out VIRP. Your policy should outline how you’re verifying users’ ages and complying with applicable state and national laws. The policy should be specific, listing any software you’re using to age-verify. Are you blocking any states? Have you implemented SFW tours, then validating age once the consumer tries to access adult content? Make sure that information is included. Remember, the banks will test whatever policies you put in place.
Complaint and Content Removal Policy and Procedures
The complaint and content removal policy should outline what the complaint process is for consumers to identify illegal or brand-damaging content activity. It should identify a process by which anyone depicted in content can appeal for its removal. The policy should include time frames for a response, within the seven-day period required by the card brands. Lastly, make sure your policy outlines how you report monthly takedown requests to your acquirers or payment facilitators.
Sample Agreements
You need to include a sample copy of the written agreement you use with third-party content providers, or with content creators if you are a cam or fan site.
Chargeback/Fraud Mitigation Policy
It’s important to have a brief policy on how you manage your chargeback and fraud rates. If you’re using a payment facilitator or a gateway, you can lean on their policies. You can also include any other measures you’re taking to limit chargebacks and fraud, such as third-party solutions like RDR, Ethoca or Verifi.
Pulling together these policies may seem like a lot of work, but it will ultimately help speed along the compliance process with your payment provider and keep all of us safe in the long run. I also highly recommend working with an industry attorney on creating your internal policies, as someone well-versed in the requirements can help identify issues that you might not otherwise think of.
Relationships require work. But once you’re fully compliant, you and the card brands will stand a much better chance of staying together and living happily ever after.
Cathy Beardsley is president and CEO of Segpay, a merchant services provider offering a wide range of custom financial solutions including payment facilitator, direct merchant accounts and secure gateway services. Under her direction, Segpay has become one of four companies approved by Visa to operate as a high-risk internet payment services provider. Segpay offers secure turnkey solutions to accept online payments, with a guarantee that funds are kept safe and protected with its proprietary Fraud Mitigation System and customer service and support. For any questions or help, contact sales@segpay.com or compliance@segpay.com.
