The Confusing Relationship Between Storefronts and Payment Processors: Valve and Mastercard Keep Slagging Each Other Off

It's been an interesting few weeks in the world of NSFW games. This week is no different.

Over the past few weeks there's been growing anger within the gaming community around the actions of payment processors Visa and Mastercard, which have seemingly caused a large scale purge of adult-oriented games on both Steam and itch.io.

In response, Mastercard has issued a two paragraph statement essentially denying responsibility for any of it:

"Mastercard has not evaluated any game or required restrictions of any activity on game creator sites and platforms, contrary to media reports and allegations."

Valve countered this statement with their own statement confirming that Mastercard hadn't directly corresponded with Valve, "despite our request to do so". This lays bare the convoluted and confusing relationship between merchants, payments processors and banks. This web of relationships can sometimes make it tricky to explain simply how these things works.

As someone who's worked in various banks for the greater part of fifteen years, I thought I'd provide a little context on how things work.

To put it simply, when Mastercard or Visa say they didn't request games to be removed from sale by either Steam or itch.io, they are absolutely correct in this assertion. They are known as what is called card schemes. They are a network that connects different financial institutions, allowing them to make payments.

In the case of Mastercard and Visa, there are four parties to a transaction:

• The cardholder - you!
• The cardholder's issuer - for example Bank of America, or Lloyds, or the Commonwealth Bank. This is who you receive your credit card statement from, or where your transaction account with a scheme debit card (for example, a Debit Mastercard) is held.
• The acquirer - this is generally the bank that the company you're making a purchase from banks with. It could be the same bank as your card issuer, or it could be different bank, including one in a different country.
• The merchant - the company you're making the purchase from.

This can vary a little in some cases. For American Express cards and a couple of others, American Express is both the issuer and acquirer for transactions, leaving only three parties.

In some cases there is a fifth party (or fourth in the case of American Express above), a payment processor that processes transactions on behalf of a merchant, and in turn has their own acquirer. An example of this would be PayPal, that is neither an issuer or card scheme in itself, but processes payments on behalf of merchants.

The card scheme is what links the issuer to the acquirer. So they do not have a direct relationship with either the cardholder or the merchant. But as it is their global infrastructure being used to enable payments, their rules (commonly known as Scheme Rules) are generally the most important regulations issuers and acquirers need to follow - and there are tangible penalties when any party to the transaction does not follow these rules.

So there's a couple of situations that could have occurred while still being consistent with Mastercard's claim they didn't take any action against Steam or itch.io.

• Mastercard picked up the phone to Steam's acquirer: as stated above, Mastercard would never pick up the phone to Steam and tell them to take down adult games or they would de-bank them. But what they could quite possibly have done is pick up the phone to Steam's acquirer (the bank that processes Steam's card transactions). Card schemes have a direct relationship with the banks, and it is taken seriously. If a bank gets a call from their relationship manager at a scheme telling them one of their customers is misbehaving, they would take action rather than risk a fine or a deteriorated relationship.
• Steam's acquirer was motivated by fear and took action: as above, card scheme rules are serious business. If Steam's bank saw media coverage on the campaign against them, it's possible they were motivated to get ahead of any issues with Mastercard or Visa and acted early and alone. So while Mastercard might not have even had the intention of doing anything, the acquirer didn't want to take the risk and acted first.

I'm not suggesting either of the above happened, or the degree in which Mastercard was ultimately involved in the action. There's of course a number of other schemes and payment processors that were targeted by Collective Shout's actions, and any of them could have also taken the action which lead to what we saw over the last couple of weeks.

I just thought I'd add a bit of context that might help explain the situation and the background a little bit better. I do sincerely hope that this matter comes to a sensible conclusion, where, as GOG put it, "if a game is legal, you should be free to buy it".