The Merchant Processing Guru

The Merchant Processing Guru Tip#20: What is the flow of a credit card processing transaction?

When you process a transaction what really happens in those few seconds that you are waiting for an approval or decline on that card? Well, whether you swipe the card or key it in on some other system the flow is the same. A line of communication is opened up and information is sent to the acquiring bank to say that a transaction for this amount on this card holder’s card is being requested for this merchant account. Then the acquirer’s computer will then contact the issuing bank to verify the account information and that the card holder has enough credit for the transaction to be approved. Then the approval is sent back to the acquirer from the issuing bank and the acquirer issues an approval number for the transaction. A receipt is then generated with this information and the transaction is complete. This is called the “front end” of the process.

The “back end” of this process happens at the end of the day where all the transactions from that day are grouped together “batched” and settled through the acquiring bank for deposit into your account. The Acquirer also sends transaction information to MasterCard and Visa on a daily basis, which will reconcile the incoming information and route them to the appropriate card issuers overnight. The card issuer will then post the transaction to the cardholder’s account for payment.

The Merchant Processing Guru Tip#19: So who are all the players in the Credit card processing industry? – More than meets the eye!

First of all you have the “card issuers” who are in most cases the banks but there are many forms of cards which I will go over in another post here shortly. For our purposes in this post I will refer to the banks as the card issuers. Visa and MasterCard are the associations who are recognized as the entities who stand behind the credit cards that are issued by the banks and offer the fraud protection we all enjoy so much and any other benefit that they give us through the cards that carry their emblem. The banks issue a credit card, with either a Visa or MasterCard logo on it to the “cardholder” who then goes about using that card to purchase goods and services from “the merchant”.

The merchant needs to set up a merchant account in order to accept credit cards from the card holder. A merchant must be approved under Visa & MasterCard regulations to accept credit cards as a form of payment, this limits the risk to the cardholder and helps to create some regulation and prevent fraud. So far so good right? I haven’t told you anything you don’t know yet. In my next post I will explain about the players on the processing side of this industry which is a little more of an unknown.

Russell Harverson has over 6 years experience in the card processing industry and has build a reputation for “being there” for all his merchants! His goal is to provide you with the right, cost effective processing solution for your individual business needs, no matter how large, small or different, he has done it all. He is your Guru of the Merchant Processing industry, shedding light on the credit card processing industry. To contact him via email theGuru@theMerchantProcessingGuru.com
Or call him at: 1-888-368-GURU (4878)

The Merchant Processing Guru Tip#18: Some facts about the credit card processing industry

Here are some interesting facts about this industry from 2007 that you might like to know.

58.3 Billion electronic payments were made in 2007, totaling a whopping $36.4 Trillion (this is all forms of electronic payment such as ACH, direct debits, etc.).
24.7 Billion transactions were made using a credit card at $2.5 Trillion, this is a growth of 9.7% from 2000.
20.6 Billion transactions were made using a debit card totaling $1.5 Trillion in sales with a growth of 25.5% from 2000.
Check payments numbered 36.7 Billion with a value of $39.3 Trillion. This is a decline of 4.3% since 2004

Studies show that consumers spend 40% more with a credit card compared to cash

A report by AC Nielsen shows that by the year 2020 only 10% of transactions will be made in cash.

In 2004, for the first time in history, electronic payments surpassed check payments. So with checks & cash on the decline, credit cards, online banking and other forms of electronic payments are fast becoming the norm. So if you are in a business that works directly with the consumer and you do not accept credit cards yet as a form of payment, you might want to give that another look as pretty soon it will be unavoidable.

The Merchant Processing Guru Tip#17: High Risk Processing – Continued:

Other reasons for a credit card processing account to be deemed a high risk is bad history in a particular industry. If a particular industry is placed on the “undesirable” or “Unacceptable industry list” then anyone seeking to open a merchant account, who is in one of those industries, is automatically declined by a traditional processor and will have to go to a High Risk Processor to open an account. A High Risk account will typically be at a higher cost as the processor assuming that risk will need to mitigate that risk with higher profits. Some examples of High Risk Industries are: Online Porn and related businesses, Gambling, Online supplement sales & Diet pills, Collection companies & Credit repair, Investment Firms and more. If you have high ticket items that are delivered or shipped after running the customer’s credit card you may also find that you are too high a risk for some processors. I find that the majority of high risk accounts today are in fact ecommerce accounts as so much business is done online today as opposed to several years ago and that is where most of the fraud and purchases with stolen credit cards occur. If you have a rocky financial history you could possibly find this to be problematic as well. If you have questions about this just get in touch with me.

In some cases a domestic High Risk processor will accept one of these accounts but in others we will have to go to an Off Shore High Risk processor which is typically a European bank to get a merchant account. I look at every case individually as no 2 accounts in this arena are the same. The cost for setting up an off shore account are high and the cost for processing through an off shore processor can be high also but if you cannot get approved by a traditional processor or even a domestic high risk processor the benefits of taking credit cards may out way the additional costs and you don’t really have a choice.

I have access to every form of High Risk processing that is available and can place almost any account. If you happen to find yourself in this position then just get in touch with me and we can find out what your options are.

theGuru@theMerchantProcessingGuru.com

The Merchant Processing Guru Tip#17: High Risk – What is High Risk in the credit card processing industry

First of all, let’s explain why a business might be considered a “High Risk” to a processor. One of the most common misconceptions about the credit card processing industry is that people assume that there is no risk to the processor and that they should, without any question, be able to open a merchant account. Well, this is not always the case and I will attempt to cover some of the reasons why a business not only needs to qualify for a merchant account but also why they may not.

Qualifying for a merchant account is somewhat like qualifying for a bank loan or a line of credit. A merchant account is not very different, in as much as the processor is extending the funds that you have processed through your merchant account and may not themselves see that money for up to 30 or even 60 days in some cases. But even worse is the fact that they are liable for every dime that is processed through your account for up to 18 months. If a business were to go out of business and chargebacks (See my post about “Chargebacks”) started to occur the processor is obligated to Visa & MasterCard for that money and under Visa & MasterCard regulations they will have to refund any money that is disputed and cannot be proven to be a legitimate charge.

So when underwriting a new merchant a processor will look at the stability of the business and many other factors. If you are a retail store or restaurant then there is very low risk in most cases and any traditional processor will just look at the major areas of concern and approve your account 99 times out of 100 but if you are an online business or have any type of future delivery business model then they will look closer at the business and its owners to make sure that the risk is low before approving this type of account. They will also require more backup documentation about the business such as a few months of banking statements and perhaps a year or two of the businesses tax returns. This again is to determine the financial stability of the business that is applying for a merchant account.

In my next post I will go into some other reasons a business might be considered a high risk to a traditional credit card processor. Stay tuned!

The Merchant Processing Guru Tip#16: Standalone credit card processing terminals and PCI Compliance

I am hearing of cases where a processor is forcing merchants to upgrade their terminal because their terminal is not PCI compliant. Standalone credit card processing terminals are not affected like PC based processing solutions as standalone terminals do not store credit card numbers. However if you run debit cards through a terminal under the pin-based debit option and you are using your terminals internal pin-pad, that is the portion that may not be PCI compliant. There is a very easy and simple way of getting around that issue, just get an external pin-pad from your processor to plug in to your terminal that is PCI compliant. A pin pad needs to be Triple-DES encrypted (3DES) as these pin-pads store the pin numbers that are entered into them by your customers.

This brings me to the issue of equipment altogether. There is absolutely no reason to lease or even purchase credit card processing terminals, for the most part, any longer. I typically will provide my merchants with equipment for as long as they process with me. I still find cases where merchants are paying between $50.00 & $150.00 a month on a lease for 48 months which is robbery on behalf of the company that set them up, as far as I am concerned. The merchant ends up paying between $2,400 to $7,200 for a piece of equipment that may have cost $250 to $350. The worst thing about this type of lease is that they are “Ironclad”, there is no way to break them. You are stuck with paying the entire amount you owe, including a buyout at the end of the lease which is typically 10-15% of the original value of the equipment. Leases may have had their place several years ago, when done properly & they can still be used in some cases as long as they are beneficial to you and on equipment that is just too expensive to purchase up front, but not for just a simple counter top terminal, that’s ridiculous.

To avoid ever getting into a lease like this again or paying outrageous fees for processing your credit cards, consider this. It has been my goal the past 6 years to always provide those who choose to work with me, the most cost effective solution for them and their business. I believe that in doing so I will build a long lasting business relationship with each and every person I work with. If you believe this is something you would like to have in your relationship with a credit card processing provider then get in touch with me today and I will show you how much I value your business.

theGuru@theMerchantProcessingGuru.com

TheMerchant Processing Guru Tip#15: Storing credit card information securely under the PCI compliance processing guidelines.

If you need to store your customers credit card information for future sales or monthly recurring billing purposes etc. you want to avoid storing it on your computer as this is what the new PCI guidelines are cracking down on. If you can’t store this information on your computer any more, then where can you store it that makes sense you ask? I am glad you did. Probably the most secure place you can store credit card information today for recurring billing purposes is on a PCI approved online gateway that is set up for recurring billing. This is not only secure according to PCI guidelines but removes any of the risk and responsibility from you to the vendor of the secure gateway. They are in a much better position to assume the risk and responsibility in this area than any small business is, so let them. Another great aspect of using an online gateway for your recurring billing is that you do not need to spend a large sum of money on software and updates, you will just have a small monthly gateway fee that will take care of everything.

Storing card information on your accounting software, database or any other programs on your computer that are not used to process them is also something that the PCI SSC is trying to crack down on. The reason is that ANY information that is stored on your computer any where is vulnerable to hackers. It is not enough just to have a Firewall as these can be penetrated, but you will need to go through all the PCI compliance requirements that I mentioned in Tip#14 which can be very costly. To avoid this all together, refrain from storing any cardholder information on your computer. Transfer it all to an online secure terminal or the old fashioned way, paper records. Even paper records can be at risk though and should be kept securely in a filing cabinet under lock and key as theft is a problem there also. Online is the way to go if at all possible and I can help you implement this in a very efficient and cost effective solution for you no matter what your business! Just get in touch with me at: theGuru@theMerchantProcessingGuru.com

The Merchant processing guru Tip#14 Continued: PCI Compliance.

Continuing to process your credit cards through your POS system will also require you to have your network scanned periodically by a PCI SSC third party approved vendor, about 4 times a year, and incur a cost of approximately $200-$300 per year. You will be required to have all your new hires undergo a background check, cost approx. $25 per hire (not a bad idea in itself…), Increased password security on your POS systems with lockout access after 6 attempts & a 7 digit password rotated every 90 days. Aggregation files maintained on a separate computer from the network as well as a security log aggregation & retention for a minimum of 90 days to a max of 1 year. Have a headache yet? You will if you decide to continue processing through the POS system on your computer network, and it doesn’t stop there.

If you miss any of these steps and any others that I may have missed then let’s talk about the consequences and penalties should a breach occur and you are not 100% compliant! As things stand right now the details about penalties for non compliance are still very vague, what we know is that an acquiring bank can be fined anywhere from $5,000 – $100,000 per month for compliance violations and you can guess who the banks will pass those penalties onto!

My suggestion is, do not continue to process through your computer’s POS system but separate your computer networks from your cardholder environment. This will make your life that much more simple and make things a whole lot more secure for your customers who you want to protect as much as Visa & MasterCard do, as they are your life blood. If you have any further questions about getting a standalone credit card processing terminal for your business to replace your PC based card processing and how you can get one free of charge, then feel free to get in touch with me at: theGuru@theMerchantProcessingGuru.com

The Merchant Processing Guru Tip#14: PCI DSS Compliance – What is it and is it relevant to you?

The credit card processing industry has been going through some changes over the last few years since the creation of the Payment Card Industry Security Standards Council (PCI SSC) that was created on September 7, 2006 to combat the growing problem of security in the industry. PCI DSS means “Payment Card Industry Data Security Standard” and is setting a new “Standard” for the payment card industry to attain. It is focused on reducing the ability of someone to obtain sensitive credit card information and even though it applies to anyone who accepts credit cards as a form of payment, I will try to simplify things a little and explain who is most affected and why.

The weakest link, so to speak, when it comes to data security has been with computer software programs that are vulnerable to hackers breaking in and obtaining cardholder information. Therefore, anyone using their computer to store or processing credit card information will need to pay close attention to these new guidelines and check to see if they are in compliance. If you use a software package such as PC Charge or IC Verify for instance then you should check to see what version you are using. If the version is too old, it could be outside of PCI compliance requirements and you should either consider upgrading to a later version or changing your method of processing your transactions. The latter can sometimes be more cost effective especially when you take into consideration that the software you upgrade to could only have a year or two until it too will expire due to PCI updates etc. So before you go spending hundreds of dollars on upgrading your software, only to find out that it will expire shortly afterward, let’s see if another solution could work just as well for your needs. Tune in to my next post where I will talk about some other aspect of PCI compliance that are critical for you to know. To read up some more on PCI compliance go to any of these sites:

PCI Security Standards

PCI Self Assessment Questionnaire

Visa Risk Management

Visa instructions on what to do if your data is compromised

MasterCard

List of Qualified Security Assessors (QSAs)

List of Approved Scanning Vendors (ASVs)

For any questions about your specific situation feel free to get in touch with me at: theGuru@theMerchantProcessingGuru.com

The Merchant Processing Guru Tip#13 continued: Credit card processing “Chargebacks” What are they and how to avoid them!

“Chargebacks” not only cost you the money you should have made from the sale but the processor has to charge you for the involvement they have in dealing with the issue, the processor will charge you anywhere from $15.00 to $35.00 as what is called a “chargeback fee”. Whether you win or lose the dispute then there is still that chargeback fee to cover the costs of the processor getting involved to handle this issue. So treat your customers right and you will avoid chargebacks!

You may also be charged what is called a “retrieval fee” of approx. $5.00 – $25.00 for the processor to “retrieve” the funds from your account that were disputed should you lose the dispute. It gets worse! Should you have excessive “chargebacks” of more than 1% of the transactions you process then according to Visa & MasterCard’s terms you are an unacceptable risk to them and their card members and will most likely be dropped by your credit card processor. A processor can also be penalized for having anyone on their books who has more than a 1% “chargeback” history and you will find it very hard for any processor to accept you as a merchant after being dropped for this reason. As you can see, you want to avoid this unpleasant occurrence at all costs, so always have proof and signature for every transaction. The good news is that “chargebacks” in most traditional industries are a rare occurrence, so as long as you stick to the guidelines of accepting credit cards you won’t have anything to worry about. If you have questions or concerns just get in touch with me and I will be happy to help.

Contact me at: theGuru@theMerchantProcessingGuru.com