You might have heard of the Installment Sales Act. “Installment payment” refers to the practice of paying for a purchase in smaller increments over time rather than in one lump sum. The Installment Sales Act is a Japanese law that aims to protect customers when paying for goods or services in installments; it establishes the regulations governing credit transactions and sales conducted in conjunction with loan agreements.

In recent years, there’ve been groundbreaking technological innovations in the fintech sector. While the environment of our payment systems has become more comfortable and convenient, security concerns have also arisen. Against this backdrop—and with the aim of establishing an environment in which customers can confidently use various payment methods, and to accommodate new technologies and services—the Installment Sales Act was amended in 2016 (effective June 2018), followed by another amendment in 2020 (effective April 2021).

This article offers fundamental knowledge about the Installment Sales Act as amended in 2016 and 2020. It provides details about the impact on individual sellers under the amended law, challenges for platform operators, and the specifics of merchant management obligations imposed on acquirers.

What’s in this article?

• What is the Installment Sales Act?
  
• The impact of the Installment Sales Act on individual sellers (merchants) in platform businesses
  
• Strengthened merchant management under the Installment Sales Act
  
• Merchant management challenges for platform operators
  
• Compliance-related best practices for platform operators
  
• How Stripe can help address these challenges
  

What is the Installment Sales Act?

As explained above, the Installment Sales Act is a law designed to protect customers who use installment payments when purchasing goods or services. Specifically, by establishing rules governing credit agreements—such as those involving online credit card purchases using revolving payments or bonus payments—the goal is to create an environment where customers can make credit card payments securely.

Prior to the 2020 revision of the Installment Sales Act, cases of credit card fraud due to card number leaks at merchant locations had been increasing. Simultaneously, as contract structures involving payment service providers (PSPs) became commonplace, there were many cases where merchants handling credit cards were criticized for inadequate management and security.

At the same time, innovative and highly functional payment processing services developed by various fintech companies were being introduced one after another. This led to the expectation that the payment infrastructure business would see further growth in the future.

The 2020 amendments to the Installment Sales Act primarily aimed to achieve the following three objectives:

• Strengthen credit card merchant management: A registration system was established for businesses (such as acquirers) that enter into contracts authorizing merchants to handle card numbers and other data; under this system, such entities are now mandated to investigate and screen merchants.

• Secure credit card information management: Merchants are required to properly manage sensitive data, such as card numbers, and to implement fraud prevention measures. The goal is to reduce the risk of fraud and build a safer environment for credit card use.

• Promote market entry for fintech companies: In anticipation of more active participation by fintech companies going forward, measures have been taken to foster an environment that encourages market entry. This was done by introducing a system that allows fintech companies that provide payment processing services to receive the same registration status as acquirers.

The impact of the Installment Sales Act on individual sellers (merchants) in platform businesses

The push for strengthened merchant management under the Installment Sales Act stems from several factors. Top among these is the increasing use of diverse payment methods across virtually every shopping channel. This trend coincides with a rise in fraudulent activity and a widespread proliferation of ecommerce sites. With the aim of protecting customers, the Installment Sales Act adopts a policy of requiring acquirers to bear the responsibility for merchant management.

The acquirer’s role under the Installment Sales Act

The amendments to the Installment Sales Act have introduced a registration system for acquirers—as well as for Payment Service Providers performing functions equivalent to those of an acquirer—designating them as “businesses that enter into agreements regarding the handling of credit card numbers and other information.” These entities are now required to individually screen and manage the business operations and risks of their merchants.

Ecommerce and consumer-to-consumer (C2C) platforms

In the case of platform-based businesses, for each transaction, either the platform operator or one of its merchants acts as the seller and serves as the merchant of record. When individual merchants using the platform—rather than the platform operator itself—actually sell or provide goods and services and interact directly with consumers, relying solely on the platform operator’s screening process is insufficient for adequate merchant management. Therefore, in the context of ecommerce platform operations, individual sellers (merchants) are likely to be subject to merchant screening.

Even individuals selling on C2C platforms such as online flea markets could also be subject to the provisions of the revised Installment Sales Act. For example, if the seller operates as a sole proprietor, they might be subject to screening as a merchant. Specific screening criteria for sole proprietors include details such as name, address, and date of birth; such identity verification is required to maintain a secure payment system.

If the seller is an individual who is not a sole proprietor, that individual generally will not be subject to the acquirer’s merchant screening process. However, the platform operator—as the provider of the C2C platform—might be subject to additional screening criteria. In other words, since potential risks to customers exist regardless of whether the seller is a corporation, a sole proprietor, or a private individual, the ability to identify every seller individually is an important element in ensuring consumer protection.

Strengthened merchant management under the Installment Sales Act

The Installment Sales Act mandates that acquirers strengthen their merchant management systems in two specific areas:

Mandatory security measures for sellers

Under the Installment Sales Act, all merchants are required to implement the following security measures to protect customer card information and prevent fraudulent use.

• Nonretention of card data: As a general rule, merchants are required to implement a nonretention policy, which means they must not store, process, or transmit credit card information within their own systems. However, when they do retain information, it must be done in a way that is compliant with the PCI DSS (Payment Card Industry Data Security Standard).

• Implementation of fraud prevention measures:

  • In-person sales (physical stores): Merchants are required to install payment terminals capable of processing integrated circuit (IC) cards and to take measures to prevent the use of counterfeit cards.
    
  • Remote sales (apps, ecommerce sites, etc.): To help prevent credit card fraud such as online identity theft, merchants in Japan are currently required to implement 3D Secure 2.0 authentication protocols. In addition, merchants are expected to implement multifaceted and layered security measures, including the use of security codes and fraud detection systems.
    

Enhanced obligation to screen and manage merchants

One of the key points of the amendments to the Installment Sales Act is the designation of acquirers and certain PSPs as “businesses that enter into agreements regarding the handling of credit card numbers and other information.” As a result, the screening and management of merchants has been strengthened. The detailed merchant screening process is outlined below.

• Initial screening (when a merchant agreement is signed): Verify the seller’s basic information (e.g., location, representative, products and services offered, sales methods, etc.) and confirm that the abovementioned security measures have been properly implemented.
  
• Ongoing screening (after a merchant agreement has been signed): Following the execution of the agreement, conduct ongoing screening and monitoring to ensure the seller remains compliant with security measures, and to detect any potential issues—such as information leaks, fraudulent usage, or malicious transactions.
  
• Appropriate measures based on screening results: If screening reveals issues with a merchant, offer guidance to ensure compliance with laws and regulations. If a merchant fails to comply with guidance—or if future compliance appears unlikely—take appropriate measures, which could include terminating the merchant agreement.
  

Merchant management challenges for platform operators

The Installment Sales Act is an important law for consumer protection. However, it’s also true that individual investigations of each seller can, in some cases, become a bottleneck for platform operators seeking to introduce installment sales services.

To ensure the effectiveness of the individual merchant screening process mentioned earlier, a “JDM inquiry” by the acquirer is necessary. JDM refers to the Merchant Information Exchange System operated by the Japan Credit Association. This system registers information on merchants involved in consumer disputes or those implicated in fraudulent transactions. When an acquirer evaluates a specific vendor for merchant status and reviews the associated contractual agreement, it is—in practice—required to use the information registered with the JDM to proactively identify and exclude unscrupulous businesses.

However, platform operators that are not acquirers do not have direct access to the JDM, so they can’t verify beforehand if their sellers are registered with the JDM. Therefore, merchant screening of sellers must be entrusted to acquirers, who bear legal responsibility, inevitably creating an inefficient cycle that risks compromising the user experience as follows:

User experience for merchants

The acquirers that process Visa and Mastercard transactions are different from those that process JCB transactions. Specifically, for Visa and Mastercard, a single acquirer that does not handle other card brands handles these transactions, whereas for JCB, JCB is the sole acquirer. This means that each acquirer must conduct parallel reviews for a single merchant, and it takes a considerable amount of time and effort for all reviews to be completed.

However, until the screening process is complete, sellers cannot begin operating as merchants. Alternatively—for instance, if Visa and Mastercard are available but the review for JCB is still pending—the inability to offer payment services except on a partial basis could potentially become a bottleneck for the merchant.

User experience for consumers

Ecommerce platforms, such as ecommerce malls, host a wide variety of merchants, and for consumers, the convenience of being able to easily purchase what they want is a major advantage. However, since platform operators have no choice but to outsource the screening and management of these merchants to third parties, the inability to take the lead in these operations can be a disadvantage for them.

For example, even though they’re on the same platform, Shop A might accept JCB card payments, while Shop B might not. In this case, not only would the platform’s consistency and convenience be compromised, but consumer trust could also decline, potentially leading to customer churn.

Stripe can help you tackle these challenges using the following two measures:

• Programmatic merchant registration with acquirers: By electronically transmitting registration data, the process can be completed quickly.
  
• Stripe’s proprietary payment facilitator functionality: Typically, platform operators send new merchant information to each acquirer via Excel files, and acquirers spend several days reviewing this data, which is time-consuming and labor-intensive. With Stripe, however, merchants can integrate onboarding functionality into their own systems using Stripe’s proprietary APIs and embedded or hosted components, automating the process and enabling smoother operations.
  

Compliance-related best practices for platform operators

While the legal responsibility for merchant management generally falls to the acquirer, platform operators must also be aware of compliance-related best practices, including the following:

• KYC (Know Your Customer): KYC refers to customer verification or identity verification. In this context, it involves verifying that the seller is a real entity and confirming that they have no ties to antisocial forces. Since KYC is also a key element of the Act on Prevention of Transfer of Criminal Proceeds, it’s important to gain a thorough understanding of it.

• Monitoring fraudulent transactions: It’s necessary to deploy a system capable of monitoring daily platform transactions, detecting patterns of fraudulent transactions, and taking appropriate action as needed.

• Managing chargebacks: It’s necessary to establish a process for responding to and managing the risks associated with chargebacks (payment reversals) arising from issues such as credit card fraud.

How Stripe can help address these challenges

As we’ve seen, the merchant management requirements under the Installment Sales Act are wide-ranging and require strict oversight by the acquirer; it’s extremely difficult for platform operators to handle all of these requirements on their own. In particular, when operating an ecommerce platform with the goal of providing a fast and seamless user experience, this law can pose operational hurdles.

Stripe Connect is a payment platform built in compliance with relevant laws and regulatory requirements, designed to support the operation of ecommerce businesses. By implementing Stripe Connect, businesses can automate onboarding processes such as merchant registration, allowing them to focus on growing their business and creating an optimal user experience.