Skip navigation
SBC Team

The Future of Credit Cards

Posted by SBC Team Oct 14, 2015

Credit-Cards-Thumb.pngThe credit card industry is not just undergoing a revolution; it’s facing an evolution. Help your small business prepare for tomorrow with the information found in our new guide, “The Future of Credit Cards.”


Click here to download the Future of Credit Cards Guide (PDF).







It’s all about the cash flow.  To help, we’ve compiled
our newest and most popular cash flow content for you. 
Click here.

POS_Body.jpgWith each news report of large-scale customer data breaches, small business owners have been left wondering how they can protect themselves and their customers from falling victim to credit card fraud. At the same time, they’re grappling with the implications of the upcoming migration to EMV technology on credit cards. By implementing strong security measures and preparing now for the October EMV deadline, small business owners can minimize security threats and ensure their on-time compliance with the new standard.


1. Introduction

For businesses in general and small companies in particular, customer relationships are built on trust. That’s why news reports about hackers exposing personal and financial data are so unsettling: from the customer’s perspective, that trust has been betrayed—and for the affected business, rebuilding that trust can be a painful, time-consuming process.


The last thing a company on a growth path needs is the combination of bad publicity, lost business, and lost staff hours caused by a data breach. While nothing can offer absolute protection against hackers, there are steps you can take to protect and preserve your company’s hard-won customer and vendor relationships, reputation, and prospects for sustained profitability and growth.


2. Taking care of business basics

The good news is that many security steps are easy to implement. That’s because most cyber criminals aren’t looking to exert themselves—they go after the low-hanging fruit, says Troy Leach, chief technology officer of the PCI (Payment Card Industry) Security Council, which promotes education and awareness of PCI security standards. During the past five to ten years, “the vast majority of vulnerabilities were actually very simplistic,” he says. “Somewhere between 92 and 99 percent of the breaches were known vulnerabilities that had been in existence for more than a year. We need to raise the bar and eliminate those simple things, and that will help move the needle on security.”


Passwords are one glaring example. Although in theory we all know better by now, Leach notes that the most common one in use is still “password.” If you can’t come up with something more difficult to crack than that, your password might as well be “welcomehackers.” But “probably the greatest human error element” is that many merchants don’t know where they have their cardholder data stored, he says. “Security equals the technology, the people, and the process they put in place to manage that technology.” As an extension of that thought, he notes that small businesses often store cardholder data that they don’t need to retain. If you don’t need it, don’t store it—and just like that, you’ll eliminate the risk of having that data breached.


Another common mistake among small business owners is to look for ways to economize on data security. This is not an area in which you want to rely on the services of your neighbor’s son, who is in his junior year as an IT major and has always been great with computers, Leach cautions. The same is true of your software, which should be secure, tested, and from a known and reliable vendor.

3. E-commerce and emerging trends

As you’ve probably noticed, some of your customers are using credit cards that are equipped with chips. To process chip payments, you need a chip-enabled terminal from your payment services provider, which can also help you to understand the steps you need to take to become chip-enabled. Your business is required to be ready for this migration by October, so if you haven’t started, do so now.


“Small and medium-sized merchants need to get informed. They need to do some research about what these changes are and how it’s going to affect them,” says Randy Vanderhoof, director of the EMV Migration Forum and executive director of the Smart Card Alliance. “Contact your bank, your processor, or whoever you have as your support for your payment device, and ask them about their ability to set you up for an EMV-capable terminal.”


When the new devices are delivered, he adds, “take the time to test them internally and learn about them before you turn the entire operation live, so that you have proper time to educate yourself and any employees about the changes at the terminal. Don’t create an environment where consumers are looking for your assistance to learn how to use their cards, and you are not familiar enough with the card or the technology to be able to complete the payment transaction.”


As that migration occurs, strong encryption will be more important than ever for businesses engaged in e-commerce. That’s because with the move to the EMV chip, “criminal activity is going to migrate to what is know as 'card-not-present' fraud—situations such as mail order, telephone order, and specifically, e-commerce, where the card is not physically presented by the customer,” Leach says. “So we need to be very diligent in recognizing that e-commerce merchants of any size are going to be a higher target for criminal activity very shortly. What they can do to protect themselves is find ways to encrypt that data immediately, as it’s received from their customers, in order to limit the access to that information.”


If you’re using a cloud storage service, he adds, make sure you know where your data is being stored and how it’s being protected. And he advises taking a long-term view on your investment in new terminals: “Do the cost-effective thing of future-proofing your terminals and looking at buying not only for EMV, but for point-to-point encryption. If you do that, you’re going to have a better chance of having a longer return on your investment in new terminals.”

4. Planning for the worst-case scenario

Of course, no matter how much you prepare, and no matter how good your firewalls and security are, you can’t make your small business invulnerable to hackers and malware. “The latest statistic I read was that more than 80,000 new variants of malware are introduced every single day, so it’s very hard to keep pace with that,” Leach says. “But a great defense is to continue to monitor and scan for vulnerabilities in your network.”


In addition, he advises business owners to create an incident response plan. “It doesn’t have to be complex. It just has to include the basics of who you contact. What’s your basic mode of operation? What are the procedures that you need to be aware of?” The plan should also include a list of website resources so you don’t have to search for those addresses when you need them. Depending on where your business is located, your home state may stipulate certain data breach requirements for notifying your customers, so it’s a good idea to be aware of those in advance, as well. “You’ll be in a much better position and less stressed by having all of these resources readily available, knowing where to turn, and who to seek advice from.”


Understanding the issues and developing best practices in cybersecurity can be challenging for small business owners who are not specialists in these areas. But by seeking expert advice and developing your company’s strategy for managing data, you can reduce your risk of a breach, protect your customer relationships, and prepare your company for a more secure and successful future.

5.  Resources

To learn more about cybersecurity, the upcoming EMV chip migration, and what your small business needs to do to meet its obligations to customers, consult these online resources.


Ten Cybersecurity Tips for Small Business is an online resource published by the Federal Communications Commission (FCC) to help small business owners “protect themselves, their customers, and their data.”


The FCC’s Small Biz Cyber Planner 2.0 is “an online resource to help small businesses create customized cybersecurity plans.”


This United States Computer Emergency Readiness Team page provides information you can use to learn more about cybersecurity and steps you can take to protect your small business.

Check StaySafeOnline, a resource of the National Cyber Security Alliance, for resources that can help you “protect your business, employees, and customers from online attacks, data loss, and other threats.”


The PCI (Payment Card Industry) Security Standards Council is “an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards.” Its website includes a variety of resources developed specifically for small business merchants, including:


•    PCI for Small Merchants

•    Secure Passwords

•    Protecting Your Customer’s Data from Malware

•    Top Ten Tips for Protecting Against Card Fraud


The Smart Card Alliance, “a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use, and widespread application of smart card technology,” created the EMV Connection website “to assist all industry stakeholders with EMV migration.” Its merchant page covers everything “from EMV basics to detailed guidance on what merchants need to consider to develop the roadmap to accept EMV cards and devices.”


The EMV Migration Forum and the Payments Security Task Force developed “to assist consumers, merchants, and issuers with the migration to chip technology.” Resources on the site include training FAQs, a training infographic, and a guide to communicating best practices, all available via links at the bottom of the merchant page.


Bank of America, N.A. engages with Inc. to provide informational materials for your discussion or review purposes only. Inc. is a registered trademark, used pursuant to license. The third parties within articles are used under license from Inc.. Consult your financial, legal and accounting advisors, as neither Bank of America, its affiliates, nor their employees provide legal, accounting and tax advice.

ExitStrategy.jpgWhether a business owner wants to retire to a tropical island or simply move on to the next venture, an exit plan is crucial to ensure a seamless sale. The business owner that plans wisely, in advance, can negotiate a transaction that benefits buyer and seller alike.


Barring unforeseen circumstances (injury, illness, family emergencies), it’s wise to plan for a sale at least one to three years in advance. Sellers should have at least three years of unblemished tax returns on hand, which will help an appraiser or broker accurately value the business and give the potential buyer a clear picture of a business’s cash flow. No one likes to pay taxes, but if you plan to sell a business, it’s best to think conservatively with deductions.

Click here to download the PDF.

SBC Team

Get up to Speed on EMV

Posted by SBC Team May 19, 2015

EMV-Thumb-md.pngThe EMV mandate is here. If you haven’t already, now is the time to get up to speed on how this change could impact your small business.


EMV is a new specification that defines a set of requirements to ensure credit and debit cards can be securely accepted on a common standard worldwide.


Responsibility for fraud liability has shifted to the party with the least secure authentication capability. If your payment devices don’t accept chip cards, and you accept a fraudulent transaction, your business is at risk for loss.


Click here to read the guide, "How to Prepare for EMV" (PDF)

You can also click here, to read our Frequently Asked Questions about EMV (PDF).


To talk to someone about the EMV mandate, you can call Bank of America Merchant Services.

  • Current Bank of America Merchant Service customers, please call 1-800-430-7161.
  • For new inquiries, please call 1-855-833-3610

Merchant-Thumb.jpgEmploying the right payment options, commerce solutions and data security safeguards for your growing business is essential in today’s financial landscape. Streamlining your payment processing can also save you a lot of extra time otherwise spent by manually taking care of all your back-office financial record keeping, processing and reconciliation. But if you streamline your payment processes for mobile, online and in-store, it will free you up to do what you do best: Run your business.


Click here to read our guide: Merchant Services for the Modern Small Business

PricingStrategies_Body.jpgby Robert Lerose.


One of the most vexing problems facing many small businesses is coming up with suitable prices for their products and services. For example, some new businesses will launch with heavily discounted prices in an attempt to build a sizable customer base quickly and establish a foothold in their market. Others will charge premium rates, but fail to show how the customer will get added benefits for the higher cost. Finding the sweet spot in pricing involves research, testing, patience, and an unwavering belief in the value that the small business provides.


Know your expenses

"You have to start by looking at all of your costs. This is where [many] people go wrong," says Janet Attard, CEO of Business Know-How. "Also, if they're starting out as a one-person business, they don't think ahead to when they will need employees and how those costs may change."


Businesses generate both seen and unseen costs that need to be taken into account. For example, besides obvious overhead expenses—such as employee compensation and benefits, insurance, Social Security taxes, office supplies, rent, and utilities—Attard says that business owners often forget to pay themselves a salary and factor that in their monthly expenses. And while a business that sends workers out on the road, such as plumbing, will take fuel and vehicle maintenance costs into consideration, the costs of running the office while the technician is on call need to be calculated, too.


There are a variety of ways to find out standard pricing in a given niche. "You can simply talk to the people in your industry and find out what they’re charging," Attard says. "Or look up people in noncompeting areas and find out what they're charging. Sometimes you can find out from customers themselves what they usually pay." She also recommends the Small Business Administration's pricing guide.


Charging the lowest price for your goods and services may actually backfire in some circumstances, Attard warns. For example, new businesses that significantly undercut their competitors in the business-to-business sector may make the customer think that they won't be able to handle the job successfully or that they are desperate for work. On the other hand, businesses that charge higher than average must prove that they offer and deliver more than the competition. "For somebody just starting out, coming in the middle range of the going prices may be a good idea," Attard says.


PricingStrategies_PQ.jpgDevelop an image

Businesses that have a clear idea of who their customers are may find it easier to set their prices and cater to their audience. "It's not like you have to [sell to] everybody," says Bob Phibbs, CEO of The Retail Doctor. "It's okay to turn some business away. Some retailers in particular deal with hagglers who believe you're gouging them to begin with. You don't want to attract those kinds of customers."


The actual retail store experience can affect how you set prices as well, Phibbs says. For example, customers who shop at a neighborhood grocery store that displays produce in makeshift bins might expect to pay less than what an upscale retailer with nicer lighting and artful presentations would charge for the same products. "Self-image can play a huge factor in how you price your merchandise," Phibbs explains.


While consumers may find cheaper prices for some products online, a brick-and-mortar retailer that has the item in stock at a higher price may make the sale, simply because the item is available then and there. "Americans are getting very, very tired of waiting," Phibbs says. "A good small business is going to help people see that and [prove that] advantage to the customer in front of them."


Be transparent

"The first time I set prices, I didn't have a clue [about what I was doing]," says Naomi Poe, founder of Better Batter Gluten Free Flour, a Pennsylvania-based allergy-free baking mix company. "At the time, our industry was not developed, so there wasn't anything to compare against. I just took my costs and multiplied them by two. I happened to come in right where people wanted to pay, but I don't necessarily recommend [my experience] as a pricing strategy."


Since that less than well planned out opening in 2006, Poe has taken a more systematic approach to pricing her products. Today, after calculating her operating expenses and profit margins, she surveys her biggest competitors in North America and compares their prices, and then works backwards until she comes up with a price that fits her business's position in the marketplace.


SBC newsletter logo.gif"It's all formulaic, but at the same time there's a lot of consumer psychology in there," Poe explains. "You push the numbers up and say nobody's going to buy at that price. You push the numbers down and say we can't afford to do it that way. So you keep calculating until you find the right point."


Poe works consistently to maintain a transparent, loyal relationship with her customers. She notifies them in advance when outside forces—such as rising fuel or commodity prices—are about to send her prices higher. Conversely, Poe rewards them with lower prices whenever possible. For example, when she was able to reduce the packaging costs on bulk orders, she passed the savings on to her customers. Poe also offers stable pricing options whether a purchase is made online or in-store, protecting both the retailer and the consumer.


According to Poe, she only had sales of $3,000 when she opened in 2006, but racked up $705,000 in sales last year. "Transparency and honesty in this day and age are as important as product quality and bottom line price," Poe says. "If you do right by your customer, they'll do right by you."

Google_Analytics_Body.jpgby Jennifer Shaheen.

When was the last time you looked at your dashboard and reports for Google Analytics? If it’s been a while, you may be in for a bit of a shock. In October, Google made significant changes to the reports available through Google Analytics. The navigation you may have been familiar with has changed, but the new format offers a greater level of detail that small business owners can use to market themselves more effectively.

“One major change to the user interface that has a big impact on small business owners is a reframing of the standard reports into Acquisition, Behavior, and Conversions,” says Yehoshua Coren, founder and principal of Analytics Ninja LLC, a Google analytics consulting firm. “These three areas are core for any business to measure their success.”

“The Google Analytics team has simplified what is sometimes an overwhelming amount of data,” Coren explains. “This helps small businesses with fewer resources for analytics to more effectively use the tool.”

Acquisition: Formerly titled “traffic sources”, the acquisition section details where the visitors to your website are coming from. The reports here include: overview, channels, all traffic, all referrals, campaigns, keywords, cost analysis, AdWords, social and search engine Optimization.

“The channel grouping is more than a cosmetic change,” Coren says. “It creates a number of standard ‘buckets’ for user traffic sources by default. These groupings fairly accurately describe the way that most users arrive at a website; such as organic search, social, paid search, email.” Channel groupings are customizable. This is important, he points out, because if a business sells products via comparison shopping engines (like Shopzilla, or NexTag), they can add shopping engines to their channel groupings.

Google_Analytics_PQ.jpgKnowing which one of many routes a visitor has taken to find your website has always been of tremendous marketing value. That’s what makes the new multi-channel funnel report so critical to small business owners. Coren explains, “A user may click on a link that was shared in their Facebook feed and visit a site, and then return to the site a few days later after doing a search for the company by name on Google. With the previous set of standard reports, the website owner would only know that Google was the source of their conversion. With multi-channel funnels, they can see that their social media efforts are paying off.”

Behavior: In the behavior section, you’ll find information about how your website visitors act while they’re on your website. The reports here are: overview, behavior flow, site content, site speed, site search, events, AdSense, experiment and in-page analytics. Examining this data will reveal how visitors move around your website, where they spend the most time, and what type of information is most relevant to them. Additionally, you’ll see how long visitors stay on any one page of your website.

“We’ll see people who stay on a page for less than 10 seconds. That tells me they weren’t interested in that particular item,” says George Anderson, a broker at Greasy Machines, an international dealer of manufacturing equipment. “That’s where things get interesting. If they go to another type of machine, and continue researching, we’re getting a better understanding of how our customers think, and how they’re moving through the sales process. But if they leave the site entirely after that initial 10-second visit, they may not be the customer for what we’re selling.”

This information is important because it reveals how effective you’ve been at presenting content that’s relevant and compelling to your audience. Online activity is a direct parallel to brick-and-mortar purchasing behavior: just as retailers have a better chance of making a sale the longer a customer spends inside their stores, the more time a user spends on your site the more likely they are to buy.

The site search report can help you pinpoint areas of great interest to your customers—and may cause you to rethink your web design to make the most popular products or services easier to find. Remember, for every customer that’s willing to search, there’s at least one who will abandon your sales channel when they can’t easily find what they’re looking for without searching.

You can also compare the acquisitions overview report side-by-side with the behavior overview report. This gives you a succinct view of where visitors come from and what they’re doing on your site. Couple this information from the data from another new report—the demographics section, available in the audience tab—and you’ve got a powerful customer profile you can use to guide your marketing decisions. Be ready to work with your webmaster on this one, as getting comprehensive demographic data requires some minor changes to the Google Analytics code, which is typically not a do-it-yourself task.

Conversion: In the conversion section, Google measures any action that your customer takes that involves going beyond passive engagement. Examples include filling out a contact form, placing an order, or watching a video. Google Analytics allows website owners to determine what type of actions they want to keep an eye on.

“We chose to track two types of conversions,” said Ken Scarbrough of Ultimate Dive Travel. “We tracked both requests for further information about a dive destination, and then reservations actually placed.” Tracking multiple streams of conversion data can provide some surprises: the dive destinations that created the most requests for information were not necessarily the destinations that divers were committing to visit. “Delving into why there was this disconnect allowed us to adjust our messaging and special offers, which helped us sell more trips to those destinations.”

SBC newsletter logo.gifGoogle Analytics: What to expect going forward

“The acquisition, behavior, and conversion framework provides small business owners with an accessible way to think about their customers’ online journey,” Coren says. “It is an improved way of expressing what has made up the core of web analytics since its emergence.

“It’s a major shift in how Google enables data collection,” agrees Adam Ware of SwellPath, a digital marketing agency that helps companies decipher their data to enable business decision making. He foresees a future where Google Analytics’ reach and relevance will extend even further than it currently does. "You'll see small businesses bringing in point-of-sale and other offline data. It'll become more of a collection point for all types of customer interaction—not just website activity."

This makes it clear that the time for small business owners to begin familiarizing themselves with the new Google Analytics reports is now.

Etsy_Body.jpgby Erin McDermott.


It’s the ultimate month of gifting—is your Etsy shop ready?


The crowds are coming, from Black Friday and Cyber Monday shoppers to the last-minute gift-givers looking everywhere for holiday presents. Last year, members of the marketplace for vintage and handmade goods rang up $117.8 million in sales during December, a 73 percent jump from the year earlier; for the year, the total was $895 million, according to Etsy. For its one million active sellers, there are now 60 million shoppers perusing every month, hailing from more than 200 countries.


Yet some concerns are equally universal. Will what I want be available? Can the merchant deliver it in time? Will it be just what I expected?


The charm of Etsy is that its community’s unique products show a human touch—from virtually anything crocheted or inspired by deep artistic craftsmanship to just the right vintage accessory that recalls a fond memory. For customers, that human side can also be a challenge: Many Etsy shopkeeps run their pages as a side business, and service and fulfillment compete with full-time jobs and busy lives. For every fantastic find, there are online reports of wayward sellers who don’t respond or leave clients unhappy.


One of the problems is Etsy’s low barrier to entry. “Anybody can have an Etsy shop. It’s not curated,” says Laura C. George, a business coach who works with creatively gifted artists all over the world. “There’s not a lot of policing of a certain level of talent, or a certain level of business professionalism on the site. I think what often gets in the way is that people don’t feel like their Etsy shops are actual businesses, even though customers certainly feel like it’s a business or they wouldn’t be buying.”


That said, most sellers take their Etsy quite seriously and strive to deliver excellent service. What are they doing to make the holiday shopping season a success for their shops? A few tips from those who’ve made it work:


Etsy_PQ.jpgStart planning early

To make the most of year-end holidays, it pays to start planning at least six months in advance, says George. Media opportunities—gift guides, product coverage, etc.—tend to work that far ahead and should be pursued early, with professional photos of your goods lined up for print outlets, she says. “You need to know what you want to have available for sale and what you’re going to need six months early. It sounds crazy, but it’s how it works,” George says.


Be upfront with policies (and follow them)

Communicating with customers is key. It’s smart for beginners to mimic the giants of e-commerce. Every Etsy page owner’s site should make clear shipping times, costs, currency conversion rates, returns, and even what happens if a product arrives damaged. One step further: Add a request for the customer to message you when they place an order. If a customer is in another country, the rules should remind them that shipments need to go through customs, which can take more than a week. If there’s a shipping tracking number available, send it to the customer and monitor it yourself to document that the package arrives. Because most products on Etsy are one of a kind, it’s often not so simple to just replace what has been ordered. If a problem arises, contact the client immediately, apologize for the situation, and offer a solution. (Take another page from the pros: Add a Top 10 Most Popular List to your site, which could help guide customers to pick an item for a hard-to-buy-for person on their list.)


SBC newsletter logo.gifSet a holiday-delivery deadline

Ask yourself: How much time do you really need to turn around an order in your busiest periods? Before you answer, consider the frenzy of the holiday season personally and professionally, with family commitments and many full-time jobs under pressure to meet year-end deadlines. Conversely, a frustrated customer who comes up empty-handed if an unforeseen problem arises can make what’s supposed to be a cheerful time difficult for both of you. Give yourself and your shipping providers some breathing room. A quick look at more than two-dozen Etsy shops shows Saturday, Dec. 14 as a popular cutoff date to have gifts delivered before Dec. 25.


Cultivate good reviews

Erma Williams-Nurse has a great policy of updating customers at nearly every stage of their orders at her store, The Pomade Shop. Since she set up her venture two years ago, she responds to messages as soon as possible and always within 24 hours. She also always says “thank you” to customers for their purchase and follows up after shipping with an email to find out if the product was received. Before packages leave her desk, she verifies that what’s going out matches the order and, because some of the orders are gifts, makes sure everything looks neat right out of the box. Ultimately, it’s the Golden Rule, Williams-Nurse says. “Be sure to produce what you would require as a shopper,” she adds. “Let’s go forward in the spirit of treating our customers the way we would want to be treated.”

CashCredit_Body.jpgby Iris Dorbian.


To Adam Sah, co-founder and CEO of Best Friend Wholesale & Mercantile, a San Francisco-based specialty grocery store chain, offering the digital currency bitcoin as an alternative payment solution for customers seemed like a no-brainer. Having started in Silicon Valley, where he once worked as a senior engineer at search giant Google, Sah is well-apprised of breaking trends in the tech world.


With this in mind, Sah began accepting bitcoin as a payment option to customers last spring. Though he freely acknowledges the deep ambivalence that greets bitcoin ("some people think it's a scam while others think it's the future of money"), Sah estimates that “two or three” customers per day make bitcoin transactions at one of his stores. Despite this low number, Sah hails bitcoin as a cost-effective alternative to cash and credit. And although bitcoin transactions can be slow due to its still nascent technology, it is free.


Sah is representative of a growing contingent of small business owners who, in an effort to drive customer traffic and pique interest in their respective companies, are thinking beyond the traditional payment methods. Though the verdict is still out on how well unorthodox payment choices, like bitcoin or barter, can benefit a company, some small business owners are experimenting with nontraditional offerings to build a customer base and forge relationships with vendors.


The latter has been key for Katherine Zeppos. As owner of the five-year-old, Lancaster, Pennsylvnia-based Katerina’s Finest, an olive oil importer and distributor, Zeppos says signing up with a barter network, comprised of local small business owners and companies that offer personal services, has been a godsend, particularly for financially-strapped startups like hers.


Services that Zeppos has accepted as barter usually depend on what she may need at a given moment, such as photography for her website. At the same time, she does concede a basic, non-negotiable maxim to her business operations:  “I rely on normal business sales. My business cannot be based only on barter,” she says.


Still, offering barter has afforded Zeppos considerable benefits to her business. “I have been able to sell my products all over the U.S. through barter and to Canada, too,” says Zeppos. “It is a great form of networking.”

Though nontraditional, both barter and bitcoin transactions can be a good way of drawing in customers while mustering up excitement over its usage. For small business owners contemplating adding alternative payment solutions to their menu of legal tender, consider these tips:


Don't be intimidated

Just because the payment solution you're offering is not the tried-and-true standard exemplified by cash or credit, that doesn't mean its implementation will be difficult.


Says Sah: "It's easier to do than you might think."


First, tell your customers, by word of mouth, ads, or sticking notices on your storefront window, that you will be offering this alternative payment solution. And of course, make mention of it on your website. Also, Sah suggests registering with various websites (e.g. that list which businesses accept bitcoin.


And for those interested in offering bitcoin, Sah says there is a plethora of websites that track where you can send bitcoin transactions. (They include: Bitcoin, BitcoinMining, UseBitcoins, and Howtobuybitcoins.)


And for those interested in signing up with a barter network, check out the following: The Barter Network, ITEX, The Business Barter Network and IMS Barter.


CashCredit_PQ.jpgBe realistic about your expectations

Don’t expect an upsurge in business just because you’re accepting bitcoin or barter as a payment solution. Know what kind of benefits you want to achieve to your bottom line. Ask yourself how these nontraditional options will bring you closer to your business goals


Because Zeppos knows that her business cannot rely on barter as a principal source of revenue, she sets a benchmark amount that can be sold that year with barter. “The barter benefits I earn I try to invest into my business again,” she says.

Make sure your merchant system supports an alternative payment solution

As in the case of foreign currency relative to the U.S. dollar, bitcoin rates can fluctuate. Though it may not be much more than the euro or other foreign currencies, says Sah, small business owners who are considering adding bitcoin to their payment choices need to be aware of this and adapt to it accordingly.


"The good news is any cell phone or laptop computer will do the conversion for you," says Sah.


To avoid errors, small business owners need to make sure that whatever bitcoin site they sign up and register with gives them a specific bitcoin address to receive payment. The bitcoin address, which is a list of numbers, can then be converted into a QR (quick response) code that merchants can scan when processing a bitcoin transaction.


Also, make sure you find a way that will let you know that a bitcoin transaction has been processed. This can be a simple text alert or e-mail.


When in doubt, err on the side of simplicity

Because the technology of bitcoin is still very green, small business owners should think about designating an IT person on staff (or outside the company) who can troubleshoot problems as they arise. Having someone who can provide immediate technical assistance will also help reassure other personnel who are not as tech-savvy.


Small businesses wishing to offer unconventional payment solutions like bitcoin or barter might find a climate far more conducive to embracing these options than in the past. But be realistic and don’t expect your business to change radically overnight. Being a visionary and a maverick are great entrepreneurial traits but not when tempered by rash behavior and willful obliviousness.

Note: Bank of America is not responsible for user posts and other user content appearing on this website and does not endorse or guarantee the perspectives, the advice, the users, the businesses, or the products or services offered by any users or businesses that appear on this website. any small business, regardless of industry sector, choosing the right merchant services, which enables customer payments to be made via credit or debit card, is necessary to its operations.  The goal should be to expand your customers' payment options while keeping them simple, safe and secure.


Based on a recent study, 83% of small businesses make more sales and get paid quicker by accepting credit cards than those who don’t.  Click here to read more about merchant services solutions.

MerchantServices_Body.jpgby Iris Dorbian.

To any small business, regardless of industry sector, choosing the right merchant services, which enables customer payments to be made via credit or debit card, is as necessary to its operations as breathing is to all living creatures. And yet it may also be one of the most confusing and complicated tasks for business owners to undertake.

A key challenge is how to deal with interchange or swipe fees, which is what a merchant services’ bank will charge a customer’s bank for the transaction, with the small business owner bearing the brunt of the costs. Although recent regulation, such as the Durbin Amendment, which reduces by nearly 50 percent the average amount of interchange fees that merchants pay for credit or debit card transactions, may have initially seemed like a boon in theory to small business owners, what has transpired indicates the contrary in practice.

“The Durbin Amendment is widely considered a legislative failure,” says Eric Stauffer, a consultant at the Los Angeles-based CardPaymentOptions, a watchdog group that helps small business owners get fair credit card processing deals from reputable companies. “The final rules [of the amendment] were changed at the last minute to allow issuing banks to add fees excluded in the original regulation, essentially doubling the purposed 12 cent fee cap to 21 cents plus 5 basis points (0.05%) of the transaction value and a 1 cent fraud prevention fee.” Consequently, transactions under $12 cost the small business merchant more that they did previously.


MerchantServices_PQ.jpgThis is a key proviso for small business owners to keep in mind when seeking out a merchant services provider. Following are several tips that can be invaluable when selecting the right merchant services for a small business.

Figure out your sales volume

What’s your average monthly amount of sales? What is your average sales transaction amount? Once you answer these questions and set a benchmark for both, you can hone in what you want your merchant services to provide for you. It also allows you to avoid paying for unnecessary services, such as reoccurring payments, says Jennifer Gaddis, founder of Heels and Jeans Project, which teaches busy women and working mothers how to improve their work-life balance.

She cites an example of a merchant services provider that charges $30 per month for a regular merchant account but then also includes a $30 monthly charge for reoccurring billing for another account. "However, if the merchant services don't offer monthly payment options to their customers, [a small business owner] could simply use the regular merchant account for $30 per month," explains Gaddis, who runs her business with a staff of three. "This will save you money."

Other questions to ask yourself: Where and how often do you plan on collecting credit card information? Will it be through online information fields or at a checkout counter in a brick and mortar operation? Answering these questions will help you figure out “whether you need to integrate your merchant account with other services that may require additional monthly fees,” says Joe Bielling, founder of Your Merchant Guru, a consulting service that negotiates contracts for merchant services. “In most cases, it will make more sense for you to buy your equipment especially to benefit from lower card swipe rates rather than leasing.”

Expanding on his last point, Bielling says owning a credit card terminal versus leasing it is the more cost-effective alternative given that the terminal can be purchased for “a few hundred dollars” in contrast to the “ongoing monthly fee of $20-$50 for leasing equipment, which would easily surpass a few hundred dollars over the course of a typical three-year leasing contract.”

Avoid the one-size fits all approach

Just because a merchant services account or provider may work for a few small businesses you know, doesn’t mean it will be the right fit for yours. Every company is unique, with its own set of needs and priorities.

“Think about what’s best for your business,” advises Bielling. “A clothing boutique will have radically different credit card processing needs than a home office consultant or a new manufacturing operation. In fact, the only thing most small businesses have in common is the desire to get paid quickly and affordably.”

Research merchant reviews

If you’re going to buy an item such as a specific computer laptop, typically you do some research to find out what other consumers are saying about it. Similarly, you should do the same due diligence when finding the right merchant services for your small business.

“Merchants are not shy about expressing their like or disdain for particular businesses in the merchant services industry,” says Stauffer. “Doing a little online research before signing up can save a lot of headaches down the road.”

Don’t fall for low-rate offers

If something seems too good to be true, chances are it is. “In some cases, these type of rates go up before the contract is over,” warns Bielling. “Hidden fees and line item charges also offset low rates. Compare your total monthly billing with your total cost of processing those payments. Your credit card processor should have cost-effective solutions that meet your needs today, while allowing features and services to be added or discontinued as you grow.”

Make sure all of your merchant services solutions work together

If you are using more than one merchant services at your small business, it’s imperative that each system mesh well with the other.

“There's nothing worse than getting all excited about how much a new service is going to help your company, only to find it doesn't at all integrate with what you're already using,” says Flynn Zaiger, CEO of Online Optimism, a New Orleans-based digital marketing agency that sets up and manages e-commerce sites for clients. “The best way to make sure nothing like that happens is ensuring buy-in from all of the managers of a company so they're all aware of each of the service's benefits and trade-offs.”

To expand on his point, Zaiger offers an example.  One time, he signed a client up for a very easy-to-use online storefront builder for small businesses, he recalls. “Two months into using the service, though, their accountants decided to use a sales tax software program without checking if it would integrate,” Zaiger adds. “Needless to say, there was a slight hassle in getting two systems that hadn't ever met each other before to actually communicate. But eventually we were able to patch everything back together. A little more talking between the people at the company would have saved us the time.”

Read the contract thoroughly

Before signing an agreement with a merchant services provider, be sure to read the fine print.  “Each provider is going to have their own contracts, and there is no such thing as a boilerplate agreement,” says Stauffer. “Just because the sales rep said you will be paying 1.49 percent + 20 cents a transaction, does not mean that is your final cost. Transactions are usually split into different tiers, and sales reps often only cite the lowest tier.”

Make sure the customer service support works

For Zaiger, whose staff size for his start-up is only two employees right now, this is a key best practice when choosing the right merchant services for clients. “Even if we had no questions, we always give them a call to make sure their response time is speedy,” he adds. “It's essential when starting a new service to be able to have help on the line within minutes of an issue. Making sure that you don't have to wait a full day for a response when something goes wrong will save you 24 hours of headaches and lost sales in the future.”

Things to consider when choosing a merchant processor:

  • Access to funds. Will the merchant receive next day funding?
  • Customer service. Does the processor have 24/7 support?  Is the support in the US or offshore?
  • Needs outside of core card processing
    • Check acceptance
    • Gift cards
    • Security: encryption, PCI protection
    • Loyalty programs
  • Equipment type. Does the merchant have mobile needs? Does the merchant need an entire POS system or just a terminal?
  • Does the merchant require online sales products?


Sidebar: Merchant Services Shopping

For small businesses currently searching for merchant services providers, check out the following online resources. Not only will they help you zero in on a provider that’s right for you but help you do some cost comparisons as well.


Body_Swipe.jpgBy Iris Dorbian.


For small business owners, they’re a nightmare that can cost untold money and time to correct. Unfortunately, in this increasingly digital economy where fraud or consumer fickleness runs rampant, they’ve become increasingly commonplace. What is this bane of every merchant’s existence? Credit card chargebacks.

Chargebacks happen after a consumer disputes a credit card charge. To rectify the supposed transactional error, the card issuer will then credit back the amount of the charge to the consumer’s card while leaving the merchant with a gaping hole in his or her merchant account. Sometimes a credit card chargeback can be the result of human error, technical glitch, or in the worst-case scenario, deliberate fraud. However, even if the outcome was triggered by illicit intentions, small business owners still have to contend with the fallout, which may include penalty fees incurred as a result of these chargebacks.


PQ_Swipe.jpgCard Hub, a credit card information site, recently released the findings of it its 2012 Chargeback Policy Report, which polled the top credit card companies to find out what consumers need to successfully execute chargebacks. The study revealed that: 


  • Among the credit card networks and issuers that responded, all have consumer-friendly chargeback policies and tend to favor the customer over the merchant;
  • Usually a merchant is charged back in the event that the merchant does not respond to a customer’s dispute; and,
  • The most common scenario in which the customer is not credited for a dispute is when a customer is unable to produce a receipt when claiming that a tip was inflated.



In a sales climate in which “the customer is always right,” how then can merchants minimize credit card chargebacks? The following best practices can offer relief from these annoying gremlins of credit card commerce:

Document, document, document

Kate McGinley, the owner of the Pittsburgh-based  McGinley Media, a nearly four-year-old web development and marketing firm with a staff of 11, has been an unfortunate and frequent victim of chargebacks. So much so that now every time her company performs a service for a client, McGinley always makes sure to produce a paper trail that will support and verify that the client received what they ordered. This due diligence was prompted in response to an incident that she says almost resulted in the closure of her business.

“I had a client who had my company build an app for thousands of dollars and then issued a chargeback, saying he never got it,” recalls McGinley. “He's currently selling the app in an app store. That chargeback was the biggest one [I’ve had]. After that experience, it became our policy to also send a flash drive with the code/graphics work we've done to the client. We also get delivery confirmation as well.”

Ask every cardholder for multiple IDs

“If [the name] doesn't match, do not allow the transaction to be consummated,” says Jim Angleton, president and CEO of Aegis FinServ Corp, a three-year-old prepaid debit and credit card issuer that frequently deals with small business clients.

Also, if the cardholder is asking for cash back, Angleton says the merchant should review the signatures on both the card and ID to see if they match.  But even then, the merchant still needs to exercise extreme caution.

“Cash back and possible returns can make for problems,” notes Angleton, who has nine employees in the U.S. and six in Central America. “I've seen unsuspecting employees give a full refund including the cash back.


Pay attention to each individual order

If you’re a larger company or website that processes a multitude of orders per day, this is a difficult best practice to follow, particularly if the orders are automated. But for Izzy Goodman, founder CCS Digital-Com, a family-run online operation that sells ink cartridges, it’s become the standard when dealing with customer orders and preventing fraud.


“Orders come in to us and we have to process them,” explains Goodman. “They don’t happen automatically. So we’ll catch such things as address or security code mismatches. We insist that the shipping address match the billing address—at least on the first order.”


Although some customers may get irked at Goodman’s extreme vigilance when it comes to verifying names and addresses, he insists it’s not only for his protection but theirs as well. He cites an example: “When a scammer got hold of my credit card number and ordered items to be shipped to a different address, my issuer flagged it as suspicious and called me. Yet there are people who routinely use their card and have items sent all over. Then they get upset when their cards are used fraudulently.”

Provide stellar customer service

It better not be merely good, but excellent, insists McGinley. “This mostly prevents chargebacks from those who may not like your product or service,” she adds. “By offering good customer service, you have the opportunity to fix the problem before the chargeback.”


When in doubt, e-mail the customer

To prevent online fraud, which can often result in chargebacks, this is a key takeaway, says Goodman.


“Scammers try to use a card quickly before it is reported stolen,” he says. “If you send an e-mail, scammers very often won't reply because they're too busy placing orders with all their different stolen cards.”


Understand your merchant agreement

“Read carefully your merchant agreement,” advises Angleton. “Make sure you understand the merchant discount percentage and costs associated with card acceptance and card processing. They should be in the range of 1.75 to 3.75 percent.”  He also counsels small business owners to carefully review their monthly and merchant statements for unknown charges, unknown fees and out of place chargebacks.



Have a liberal return policy

“If you can prove to the issuer that your customer can easily get a refund, they will deny the chargeback,” maintains Goodman. In this instance, he adds “there is no reason to do a chargeback unless it’s a scam.”


He also adds that in the past when a customer has done a chargeback several months after a transaction claiming product ineffectiveness, Goodman contacted the card issuer to explain that “it doesn’t take several months to discover [our ink cartridges] don’t work.”


Credit card chargebacks are vocational nuisances for all small business owners. But if you follow some precautionary measures, you will start minimizing them, if not squelching them entirely.

by amspcs

In tough economic times, small businesses seek out ways to cut expenses. One of the best places to start is to lower the cost of credit card processing.

Here are ten proven ideas that every merchant can and should implement. To learn more about each item, please refer to the resource links provided below.


1.) Minimize surcharges Circumventing terminal prompts such as bypassing Address Verification (AVS) or failing to settle batches properly cause transactions to downgrade to higher rates. Adhering to proper procedurees will reduce your rates.


2.) Avoid chargebacks A common avoidable chargeback reasons is unauthorized use of card. This is easily avoided when cashiers are trained to compare, check and verify signatures on each and every transaction.


3.) Consider adjusting your discounting method Does your processor have you on gross processing or net processing? Daily or monthly discounting? Does your particular business qualify for one plan over the other, and would you benefit from it? Learning these fine points can mean extra profit for your business.


4.) Discontinue the Merchant Club membership Many merchants pay $9.95 or more monthly for Merchant Club dues; not knowing this fee is optional. These programs offer benefits like free terminal repair and free supplies. In rare cases, it's worthwhile. But most merchants accomplish nothing more than spending over $100 per year for maybe $30 worth of free supplies; hardly a justifiable expense. Betters to buy supplies from a local office supply outlet, and opt out of the merchant club.


5.) Verify PCI Compliance In the wake of data breaches and identity thefts, Payment Card Industry (PCI) security standards is a serious matter. This involves the manner in which merchants safeguard and store customer credit card data, among other things. The processing industry has established well defined procedures and regulations, failure to adhere to which can lead to nasty fines. Small businesses are not immune. Contact your processor and make sure you are compliant.


6.) Update your processing equipment Replacing obsolete processing equipment can net significant monetary savings very quickly. Examples: Replacing a dial-up credit card machine with a wireless machine and dropping a costly dedicated telephone line can pay for itself in no time. Newer terminals supporting the latest security programming can actually reduce some discount rates. Newer machines using thermal paper eliminate the need for costly ink cartridges and ribbons altogether.


7.) Invest in a Pin Pad A pin pad and a subscription to a true debit gateway enables merchants to process pin debit as opposed to signature debit at greatly reduced costs. For example, the cost of processing a $500 sale could conceivably be reduced from over $8 to under $1 by processing as pin debit instead of signature debit.


8.) Don't fall for the Cold Call scam Unethical processing reps make their living by cold calling merchants, performing an audit of their merchant statements, and promising huge savings if the merchant switches processors. The problem is that it's a big lie; comparing real world numbers with contrived assumption-based fantasy scenarios isn't a valid comparison. More often than not, duped merchants find themselves locked into long-term contracts with higher processing fees than before. Legitimate mainstream processors simply don't operate this way. Their growth is based on performance and legitimate referrals, not by dispatching droves of amateur salespeople to knock on doors. If you are approached in this manner, make sure you run their 'offer' past your current processor before you sign off. Chances are he'll enlighten you to what it really is nonsense. And worst case scenario, if it's legitimate, he'll probably meet or beat it.


9.) Get rid of the No Checks Accepted sign True, the world pays mostly with plastic these days. But there are still millions of checks written every day, Most of them are good. Problem is, when you turn away all checks in hopes of avoiding the bad ones, you're turning away tons of good ones too! The fact is: With modern check guarantee technology, accepting checks is as secure as credit card acceptance, and often cheaper. Furthermore, there are legitimate service providers offering 100% free collection services for NSF checks. There's really no reason to give your competitor the advantage by handing over your check revenue business on a silver platter


10.) Take advantage of free training offered by your processor Legitimate credit card processors offer training to teach you and your staff the right and wrong ways to accept electronic payments. Take advantage of it. Training teaches how to avoid mistakes, surcharges, and chargebacks. How to properly settle your batch, when to run a void instead of a refund (there IS a difference), what to do (and not to do) when you get a decline response to avoid wasting dollars, and much more. If your processor does not offer training, you are being severely short-changed and overcharged.





To learn about CREDIT CARD SURCHARGES visit


To learn about CHARGEBACKS visit


To learn about DISCOUNTING METHODS, visit


To learn about PCI COMPLIANCE, visit


To learn about DEBIT PROCESSING, visit


To learn about SALES SCAMS, visit


To learn about CHECK GUARANTEE services, visit


To learn about FREE CHECK COLLECTION, visit


Barry Godofsky operates Automated Merchant Solutions, Inc., a Florida based Independent Sales Office (ISO) representing several of the largest credit card processing Acquirer institutions in the nation. For more information regarding small business credit card processing issues including unbiased tips, FAQs, and resources, please visit
Rate Reduction Strategies That Work

By amspcs

Has this happened to you? A credit cards merchant account salesperson sold you on a really low credit card discount processing rate. You thought you negotiated a pretty good deal. But lo and behold, you realize that you're paying much more than expected! What happened? And what can you do about it?

The culprit in the above scenario is merchant lack of understanding of "Interchange", the price structure of credit card transaction processing. Without this knowledge, the process of selecting merchant account service processors is usually limited to phoning every processor in the yellow pages and signing on with whoever quotes the lowest 'rate'. The reasoning : 'low rate' equates to 'low cost'. Therein lies the problem.


"Interchange defined"

Interchange is the wholesale price structure of credit card transaction services charged by Visa USA and MasterCard Worldwide to processors. The processors in turn mark up and re-sell these services to credit card accepting businesses, not unlike any other wholesale-retail relationship. Wholesale interchange is exactly the same for all U.S processors large and small, although low-risk and mega merchants enjoy the volume leverage of being able to purchase processing services from processors at smaller profit margins than small businesses are.

The flaw in the 'lowest rate wins' strategy is that merchants mistakenly assume the low rate quoted will apply to all of their transactions. Not so. Interchange in fact comprises some 125 separate rate categories, each of which is assigned a unique qualification criteria and corresponding price structure. The typical merchant will knowingly or otherwise process cards in several of these categories, not just one, and will pay appropriate surcharge rates for each. The low advertised rate is nothing more than a starting point for the entire spectrum of interchange charges.

Reasons for processing surcharges include:

  • HOW a card is presented affects rate. For example, Swiped vs. non-swiped. Card present vs. mail/phone order. AVS match or mismatch.
  • The TYPE of credit card processed accounts for many increased pricing criteria. Among them: Business (as opposed to personal) cards, foreign cards , rewards cards, purchasing cards and so on always result in increased rates.
  • POS equipment may affect rate structure. Older equipment unable to accommodate fully compliant processing software may lead to transactions being downgraded to higher rates.

The significance of this to the merchant is:

When a credit card processing service is selected solely on the basis of one singular advertised 'cheap' merchant account rate quote -often a loss leader--by necessity (no business can sell for below their dead cost....right?) the advertised teaser rate will apply only to a limited number (if any) of the credit card transactions processed by the business, based on very narrow interchange criteria. The remainder of the merchant's transactions that do NOT meet these criteria to qualify for the low rate quoted will be downgraded to a higher rate interchange category, thus allowing the processor to make up his margin and then some.

These higher rate categories will include ALL of the following:

  • non-swiped sales
  • rewards card sales
  • business card transactions
  • foreign cards
  • government purchasing cards
  • everything except personal swiped domestic cards

These non qualified fees compensate for, probably many times over, the low teaser rate afforded by the minority of the transaction volume. As a result, the actual fee paid by the merchant won't remotely resemble the low rate expected. This results in a quite unusual circumstance that many people find impossible to grasp: The lowest rate quotes result in the HIGHEST net cost to the merchant, not the lowest as one might expect. . Strange but true.

Three strategies to avoid this pitfall:

When evaluating a credit card acceptance account (or shopping for a new account), insist on disclosure of all interchange rates involved, not just the 'advertised' rate. The goal is to get the lowest rates in the interchange categories where your business will be, not just the lowest top tier rate quote.

To circumvent rate downgrade increases for incorrect data entry procedures, insist on on-site training by your processor to assure that your staff understands the proper procedures necessary to qualify for the lowest rates. Merchants using no frills processors who skimp on training and support-skimping on services is how they are able to offer cheaper rates in the first place-- are particularly vulnerable to unnecessary non-compliance surcharges.

Have your processor audit your merchant statement periodically to detect any changes in your credit card qualification criteria mix and make adjustments as necessary. Some merchants are still using the same antiquated processing schedule they used on the day they first opened their doors. A program geared to how you do business today, not five years ago, may result in significant processing savings..

Barry Godofsky operates Automated Merchant Solutions, Inc., a Florida based Independent Sales Office (ISO) representing several of the largest credit card processing Acquirer institutions in the nation. For more information regarding small business credit card processing issues including unbiased tips, FAQs, and resources, please visit
SBC Team

Are You Compliant

Posted by SBC Team Apr 17, 2008
PCI Compliance
If you don't understand the current Payment Card Industry guidelines for your business, you may be putting yourself and your customers at risk

By Reed Richardson

Over the past three decades, as our society has increasingly shifted toward one where both consumers and merchants prefer credit over cash (as a recent Visa commercial not so subtly pointed out), the threats from fraud have also radically increased. Gone are the days when criminals are satisfied with the paper bills in your wallet, now they really want the numbers on the plastic in your purse. So, protecting all this financial data, which can be found everywhere from credit cards to company databases to online servers, must now be a major focus of even the smallest of businesses.



Make no mistake: Credit card fraud is expensive. In fact, it cost U.S. consumers and businesses an estimated $3.2 billion in 2007, up more than 35% from just four years earlier, according to a tracking study by Celent Communications. In fact, credit card security is now a major or moderate concern of more than three quarters of the population. And though small retailers have-so far-not been hit as hard, another recent survey found that as many as one out of six had experienced online credit card fraud losses totaling more than 1% of their annual revenue.

Therefore, after years of merchant confusion concerning different brand-specific requirements, along with the continuation of massive credit card data breaches, the five major credit card issuers joined together to create a single standard for protecting credit card data. As a result, the Payment Card Industry, or PCI as it's known, which consists of Visa, MasterCard, American Express, DiscoverCard, and JCB International (a Japanese credit card issuer), finally established an industry wide protocol of best practices in June 2005 called the PCI Data Security Standard (PCI DSS). The goal of the PCI DSS is to reassure customers that their credit card data and transaction information is safe from hackers or any other malicious system intrusion.

"But I only process a few credit card payments a week on my website, do these new rules apply to my small business?" you might ask. The likely answer is yes. "The rule of thumb is this: If you house credit card information, in whatever form, if you house the information in your server-the server that you own or you added-then you are basically responsible for complying with PCI DSS," explains Khalid Kark, an analyst with Forrest Research.

Get the Facts: Know Your Classification
To promote its compliance efforts, the PCI set up a website devoted to helping businesses understand these new expectations. Fortunately, the PCI recognized that data security, as well as the ability to invest in it, varies greatly depending on the size of the company. Accordingly, the PCI separates merchants into four different levels, sorting them by their total annual credit card transactions. Most small companies fall under either Level 3 or 4 (less than one million annual Visa or MasterCard transactions) with the distinction between Levels 3 and 4 figured by how robust their online retail presence is (Level 3 companies are defined as having between 20,000 and one million annual e-commerce transactions, Level 4 firms are under 20,000 a year).

Spurred on by massive data security breaches like the one experienced by retailing giant TJX in 2005 and 2006 where the company took a $40.9 million hit to settle a lawsuit after it compromised more than 45 million Visa accounts the PCI initially focused on bringing larger, Level 1 firms into the fold. Smaller businesses were able to meet the PCI's 12 requirements through a less rigorous process that involved taking an annual risk assessment questionnaire and conducting quarterly network scanning. Both methods are fairly affordable for small businesses; the self assessment is free and many PCI approved scanning vendors (ASVs) charge between $12 and $40 a month for their services.

Recently, however, the PCI has broadened its focus to smaller companies for two main reasons: volume and vulnerability. Despite their small size, Level 4 merchants still account for 99% of all credit card merchants and, because of their limited resources, all these companies are more susceptible to security breaches. "Usually, Level 4 merchants do not have the technical expertise, nor the IT staff, to properly secure card holder data," notes Aaron Biddar, president of one of the PCI approved scanning vendors, ControlScan. "So, if I am a hacker, I'm going to go to the merchant that I know cannot afford the proper security or staff to mitigate that type of breach." As a result, Visa unveiled a new Level 4 merchant compliance program last May that seeks to educate small businesses on risk-profiling strategies and how to minimize the amount of customer data that they store.

The Risks of Non Compliance Are High
The role that the individual credit card companies play in the PCI compliance effort should not be overlooked. That's because enforcement of PCI compliance infractions is left to the specific credit card companies, like Visa, and their patience for non-compliance is quickly wearing thin. (In 2006, Visa alone levied almost $5 million in fines and, last year, the company imposed an $880,000 penalty against the bank complicit in TJX's mishandled credit card data.) Although most fines and penalties levied by the credit card companies target banks rather than small businesses themselves, there is a still a significant financial incentive to comply-it only takes one confirmed data breach at a Level 4 merchant to get that company reclassified to Level 1, which requires much more comprehensive and expensive security checks and audits.

Unfortunately, many businesses both large and small remain completely unaware of the PCI's requirements and the potential trouble their company could encounter if they don't comply soon. In fact, a recent poll on the PCI compliance website found a plurality of business owners 29% didn't even know their merchant level classification and a mere 11% said that they were currently in compliance. And, as might be expected, many myths about the topic have also blossomed.

In the end, PCI compliance should be considered just another cost of doing business in today's credit obsessed world. And though it might require an outlay of some capital and be a bit of an inconvenience, consider the cost of not safeguarding your customer's credit card data in terms of your company's reputation and ability to fight a long, protracted lawsuit. That's a price no small business is willing to pay.

Safety Is Important Online Too
In an interview on in October of last year, John Munsell, founder and CEO of Bizzuka, a web design and development firm noted that online shoppers should make sure that their any business website where they plan to make a transaction should display a symbol verifying that it uses an approved scanning vendor, such as Scan Alert (Hacker Safe logo), ControlScan, Cybertrust, and VeriSign. "Merchants," he said, "should make sure that their vendors provide PCI compliance before proceeding." Also, he recommended checking to make sure that compliance by the vendor is ongoing, and not just during the delivery phase of the website. "I've seen a lot of merchants buy a shopping cart that was PCI compliant at the time of delivery, but 48 hours later, the cart became non-compliant and the vendor either disappeared or asked for more money to retain compliance."

The Data Less Retailer?
Still, Joe LaRocca, vice president of loss prevention for the National Retail Federation pointed out in an article on that organization's website recently that PCI compliance does not necessarily guarantee that a retailer is safe from having their customer data compromised. As a remedy, his organization is calling on banks and credit card companies to stop requiring merchants to store credit data in any manner. (Currently, retailers must store credit card numbers for up to 18 months in order to manage refunds, etc.) "If the goal is to make credit card data less vulnerable, the ultimate solution is to stop requiring merchants to store card data in the first place," LaRocca explained. "If you're not storing any credit card data, there's no incentive for the criminals to breach your systems."

Reed Richardson is an associate editor/writer for Business Minds magazine.

Community Actions

Filter Article

By author: By date:
By tag: