Merchant Services

Ten ways to reduce your cost of accepting credit cards

SBOCTeam — Fri, 03 Oct 2008 17:03:00 GMT

by amspcs

In tough economic times, small businesses seek out ways to cut expenses. One of the best places to start is to lower the cost of credit card processing.

Here are ten proven ideas that every merchant can and should implement. To learn more about each item, please refer to the resource links provided below.

1.) Minimize surcharges Circumventing terminal prompts such as bypassing Address Verification (AVS) or failing to settle batches properly cause transactions to downgrade to higher rates. Adhering to proper procedurees will reduce your rates.

2.) Avoid chargebacks A common avoidable chargeback reasons is unauthorized use of card. This is easily avoided when cashiers are trained to compare, check and verify signatures on each and every transaction.

3.) Consider adjusting your discounting method Does your processor have you on gross processing or net processing? Daily or monthly discounting? Does your particular business qualify for one plan over the other, and would you benefit from it? Learning these fine points can mean extra profit for your business.

4.) Discontinue the Merchant Club membership Many merchants pay $9.95 or more monthly for Merchant Club dues; not knowing this fee is optional. These programs offer benefits like free terminal repair and free supplies. In rare cases, it's worthwhile. But most merchants accomplish nothing more than spending over $100 per year for maybe $30 worth of free supplies; hardly a justifiable expense. Betters to buy supplies from a local office supply outlet, and opt out of the merchant club.

5.) Verify PCI Compliance In the wake of data breaches and identity thefts, Payment Card Industry (PCI) security standards is a serious matter. This involves the manner in which merchants safeguard and store customer credit card data, among other things. The processing industry has established well defined procedures and regulations, failure to adhere to which can lead to nasty fines. Small businesses are not immune. Contact your processor and make sure you are compliant.

6.) Update your processing equipment Replacing obsolete processing equipment can net significant monetary savings very quickly. Examples: Replacing a dial-up credit card machine with a wireless machine and dropping a costly dedicated telephone line can pay for itself in no time. Newer terminals supporting the latest security programming can actually reduce some discount rates. Newer machines using thermal paper eliminate the need for costly ink cartridges and ribbons altogether.

7.) Invest in a Pin Pad A pin pad and a subscription to a true debit gateway enables merchants to process pin debit as opposed to signature debit at greatly reduced costs. For example, the cost of processing a $500 sale could conceivably be reduced from over $8 to under $1 by processing as pin debit instead of signature debit.

8.) Don't fall for the Cold Call scam Unethical processing reps make their living by cold calling merchants, performing an audit of their merchant statements, and promising huge savings if the merchant switches processors. The problem is that it's a big lie; comparing real world numbers with contrived assumption-based fantasy scenarios isn't a valid comparison. More often than not, duped merchants find themselves locked into long-term contracts with higher processing fees than before. Legitimate mainstream processors simply don't operate this way. Their growth is based on performance and legitimate referrals, not by dispatching droves of amateur salespeople to knock on doors. If you are approached in this manner, make sure you run their 'offer' past your current processor before you sign off. Chances are he'll enlighten you to what it really is nonsense. And worst case scenario, if it's legitimate, he'll probably meet or beat it.

9.) Get rid of the No Checks Accepted sign True, the world pays mostly with plastic these days. But there are still millions of checks written every day, Most of them are good. Problem is, when you turn away all checks in hopes of avoiding the bad ones, you're turning away tons of good ones too! The fact is: With modern check guarantee technology, accepting checks is as secure as credit card acceptance, and often cheaper. Furthermore, there are legitimate service providers offering 100% free collection services for NSF checks. There's really no reason to give your competitor the advantage by handing over your check revenue business on a silver platter

10.) Take advantage of free training offered by your processor Legitimate credit card processors offer training to teach you and your staff the right and wrong ways to accept electronic payments. Take advantage of it. Training teaches how to avoid mistakes, surcharges, and chargebacks. How to properly settle your batch, when to run a void instead of a refund (there IS a difference), what to do (and not to do) when you get a decline response to avoid wasting dollars, and much more. If your processor does not offer training, you are being severely short-changed and overcharged.

RESOURCES:

To learn about CREDIT CARD SURCHARGES visit http://www.MerchantServices-help.com/discount-rate.html

To learn about CHARGEBACKS visit http://www.MerchantServices-help.com/chargeback.html

To learn about DISCOUNTING METHODS, visit http://www.MerchantServices-help.com/processing.html

To learn about PCI COMPLIANCE, visit http://www.MerchantServices-help.com/PCIcompliance.html

To learn about DEBIT PROCESSING, visit http://www.MerchantServices-help.com/debit-card.html

To learn about SALES SCAMS, visit http://www.MerchantServices-help.com/merchantmistakes.html

To learn about CHECK GUARANTEE services, visit http://www.MerchantServices-help.com/check-services.html

To learn about FREE CHECK COLLECTION, visit http://www.MerchantServices-help.com/nsfcheck.html

Barry Godofsky operates Automated Merchant Solutions, Inc., a Florida based Independent Sales Office (ISO) representing several of the largest credit card processing Acquirer institutions in the nation. For more information regarding small business credit card processing issues including unbiased tips, FAQs, and resources, please visit http://www.MerchantServices-help.com

Are You Compliant

SBOCTeam — Thu, 17 Apr 2008 12:41:00 GMT

PCI Compliance
If you don't understand the current Payment Card Industry guidelines for your business, you may be putting yourself and your customers at risk

By Reed Richardson

Over the past three decades, as our society has increasingly shifted toward one where both consumers and merchants prefer credit over cash (as a recent Visa commercial not so subtly pointed out), the threats from fraud have also radically increased. Gone are the days when criminals are satisfied with the paper bills in your wallet, now they really want the numbers on the plastic in your purse. So, protecting all this financial data, which can be found everywhere from credit cards to company databases to online servers, must now be a major focus of even the smallest of businesses.

Make no mistake: Credit card fraud is expensive. In fact, it cost U.S. consumers and businesses an estimated $3.2 billion in 2007, up more than 35% from just four years earlier, according to a tracking study by Celent Communications. In fact, credit card security is now a major or moderate concern of more than three quarters of the population. And though small retailers have-so far-not been hit as hard, another recent survey found that as many as one out of six had experienced online credit card fraud losses totaling more than 1% of their annual revenue.

Therefore, after years of merchant confusion concerning different brand-specific requirements, along with the continuation of massive credit card data breaches, the five major credit card issuers joined together to create a single standard for protecting credit card data. As a result, the Payment Card Industry, or PCI as it's known, which consists of Visa, MasterCard, American Express, DiscoverCard, and JCB International (a Japanese credit card issuer), finally established an industry wide protocol of best practices in June 2005 called the PCI Data Security Standard (PCI DSS). The goal of the PCI DSS is to reassure customers that their credit card data and transaction information is safe from hackers or any other malicious system intrusion.

"But I only process a few credit card payments a week on my website, do these new rules apply to my small business?" you might ask. The likely answer is yes. "The rule of thumb is this: If you house credit card information, in whatever form, if you house the information in your server-the server that you own or you added-then you are basically responsible for complying with PCI DSS," explains Khalid Kark, an analyst with Forrest Research.

Get the Facts: Know Your Classification
To promote its compliance efforts, the PCI set up a website http://www.pcicomplianceguide.org/ devoted to helping businesses understand these new expectations. Fortunately, the PCI recognized that data security, as well as the ability to invest in it, varies greatly depending on the size of the company. Accordingly, the PCI separates merchants into four different levels, sorting them by their total annual credit card transactions. Most small companies fall under either Level 3 or 4 (less than one million annual Visa or MasterCard transactions) with the distinction between Levels 3 and 4 figured by how robust their online retail presence is (Level 3 companies are defined as having between 20,000 and one million annual e-commerce transactions, Level 4 firms are under 20,000 a year).

Spurred on by massive data security breaches like the one experienced by retailing giant TJX in 2005 and 2006 where the company took a $40.9 million hit to settle a lawsuit after it compromised more than 45 million Visa accounts the PCI initially focused on bringing larger, Level 1 firms into the fold. Smaller businesses were able to meet the PCI's 12 requirements through a less rigorous process that involved taking an annual risk assessment questionnaire and conducting quarterly network scanning. Both methods are fairly affordable for small businesses; the self assessment is free and many PCI approved scanning vendors (ASVs) charge between $12 and $40 a month for their services.

Recently, however, the PCI has broadened its focus to smaller companies for two main reasons: volume and vulnerability. Despite their small size, Level 4 merchants still account for 99% of all credit card merchants and, because of their limited resources, all these companies are more susceptible to security breaches. "Usually, Level 4 merchants do not have the technical expertise, nor the IT staff, to properly secure card holder data," notes Aaron Biddar, president of one of the PCI approved scanning vendors, ControlScan. "So, if I am a hacker, I'm going to go to the merchant that I know cannot afford the proper security or staff to mitigate that type of breach." As a result, Visa unveiled a new Level 4 merchant compliance program last May that seeks to educate small businesses on risk-profiling strategies and how to minimize the amount of customer data that they store.

The Risks of Non Compliance Are High
The role that the individual credit card companies play in the PCI compliance effort should not be overlooked. That's because enforcement of PCI compliance infractions is left to the specific credit card companies, like Visa, and their patience for non-compliance is quickly wearing thin. (In 2006, Visa alone levied almost $5 million in fines and, last year, the company imposed an $880,000 penalty against the bank complicit in TJX's mishandled credit card data.) Although most fines and penalties levied by the credit card companies target banks rather than small businesses themselves, there is a still a significant financial incentive to comply-it only takes one confirmed data breach at a Level 4 merchant to get that company reclassified to Level 1, which requires much more comprehensive and expensive security checks and audits.

Unfortunately, many businesses both large and small remain completely unaware of the PCI's requirements and the potential trouble their company could encounter if they don't comply soon. In fact, a recent poll on the PCI compliance website found a plurality of business owners 29% didn't even know their merchant level classification and a mere 11% said that they were currently in compliance. And, as might be expected, many myths about the topic have also blossomed.

In the end, PCI compliance should be considered just another cost of doing business in today's credit obsessed world. And though it might require an outlay of some capital and be a bit of an inconvenience, consider the cost of not safeguarding your customer's credit card data in terms of your company's reputation and ability to fight a long, protracted lawsuit. That's a price no small business is willing to pay.

Safety Is Important Online Too
In an interview on PracticaleCommerce.com in October of last year, John Munsell, founder and CEO of Bizzuka, a web design and development firm noted that online shoppers should make sure that their any business website where they plan to make a transaction should display a symbol verifying that it uses an approved scanning vendor, such as Scan Alert (Hacker Safe logo), ControlScan, Cybertrust, and VeriSign. "Merchants," he said, "should make sure that their vendors provide PCI compliance before proceeding." Also, he recommended checking to make sure that compliance by the vendor is ongoing, and not just during the delivery phase of the website. "I've seen a lot of merchants buy a shopping cart that was PCI compliant at the time of delivery, but 48 hours later, the cart became non-compliant and the vendor either disappeared or asked for more money to retain compliance."

The Data Less Retailer?
Still, Joe LaRocca, vice president of loss prevention for the National Retail Federation pointed out in an article on that organization's stores.org website recently that PCI compliance does not necessarily guarantee that a retailer is safe from having their customer data compromised. As a remedy, his organization is calling on banks and credit card companies to stop requiring merchants to store credit data in any manner. (Currently, retailers must store credit card numbers for up to 18 months in order to manage refunds, etc.) "If the goal is to make credit card data less vulnerable, the ultimate solution is to stop requiring merchants to store card data in the first place," LaRocca explained. "If you're not storing any credit card data, there's no incentive for the criminals to breach your systems."

Reed Richardson is an associate editor/writer for Business Minds magazine.