Durbin's Interchange Amendment passes into Law with HR 4173

 Email Article |  Twitter |  Facebook |   LinkedIn 

On July 21st 2010 President Obama signed into law, Barney Franks Restoring American Financial Stability Act of 2010.  The purpose of the bill is to protect American consumers from abusive financial practices and create accountability and transparency in our financial systems.  Some of the specifics of the Act can be read from the actual bill (link above) or Wikipedia already offers a solid outline on the regulatory agency's and issues - check it out.

Tucked neatly inside the bill is what interests us - the Durbin Amendment .  In basic terms, the bill amendment gives the Federal Reserve final say on whether or not debit card interchange fees proposed by Visa and MasterCard are reasonable and proportional to the actual processing costs. It would also allow merchants to offer discounts for non-card purchases as well as the power to set minimum/maximum card purchase amounts.  Not surprisingly the amendment was strongly supported by our largest retailers and merchant groups, claiming their lower costs would also benefit the consumers via a lower cost of goods.

Like the rest of the law - it will take time to clarify, study and then finally implement - and the federal government has a year to determine what reasonable and proportional is.  Banks with assets under $10 billion are exempt from the regulation.

Advocates of the amendment often refer to all interchange as a "hidden tax", but interchange was introduced with credit cards and why is this cost of doing business different from the cost of utilities, shipping, and various overhead that we know from business 101 is incorporated into the cost of goods sold?  A May 2010 article in the WSJ was the first I've read lambasting what we tend to forget - cards have been a coup for retailers and consumers.  The consumer gets protection in the case of a bad purchase or return policy, rewards, efficient tracking and reporting on purchases, payment convenience and the retailer increases sales, reduces theft at the register, limits fraudulent checks, etc.  There ARE benefits. 

So what's going to happen?  the fall out as it were? only time will tell but there are lots of opinions out there, some pro the regulation, some not so much.

No one knows for sure but here's what's being bandied about -

• Merchants - will set minimum purchase amounts for consumers to use cards, may offer cash discounts or charge a surcharge to use a credit card (that's gonna hurt), and will see lower processing costs for debit cards if the Fed's say current rates are too high.  Will savings be passed along to the consumer/buyer - most guess no. 
• Banks - have billions in revenue at stake that may be lost.  If this happens chances are consumers will see an uptick in other fees - checking accounts, annual credit and even debit card fees, etc.  Rewards programs could be eliminated. Banks are not non-profit entitys - if they lose money in one area - they will look to create it in others.  The consumer will pay the price.
• Buyers/Consumers - may lose the ability to make low end purchases with a debit card (under $10? under $20?), will see an increase in overall banking fees, credit could get tighter if banks tighten reins because their capital base is squeezed, more limited payment options.
• Community Banks and Credit Unions - not included in the regulation if revenues are under $10 billion,  were not pro its passage.  They worry that merchants will find a way to not accept their cards at the POS because of the higher interchange costs and they will not be competitive in issuing debit cards - may lose customers.

Most surmise that the only group that will benefit of course, are merchants, whose cost of accepting debit cards will likely go down. We'll see.

In the meantime, we are in agreement with a recent June article by Kate Fitzgerald in ISO & Agent Weekly - an industry rag - where she quotes a report by the Mercator Advisory Group -

"The amendment "appears to largely view debit payments as though they were a 'public utility,' failing to recognize the substantial innovations and competition occurring in this area surrounding fraud and security needs, risk assessment, timely settlement, guaranteed payment, and other social benefits."  Interchange represents the cost of a business to business transaction in an remarkably competitive market with rapid innovation. Who should determine this cost? Who determines your cost of goods? your services? 

Whatever happens, we'll let you know....keep an eye on that bank account - associated costs may grow next year, and for gosh sakes carry cash... in some instances, it may become your only payment option. One step forward, two steps back?

Square, Mobile Credit Card Processing and Jack Dorsey

 Email Article |  Twitter |  Facebook |   LinkedIn 

K - we promised more on this and Dorsey and Square are moving along in Beta, press, pricing and more - let's talk!

First - take a look at our first blog re Dorsey's Square - the card reader, the premise and the promise of a very unique credit card processing product - with your iPhone or Droid.  Awesome.  What's new since our first writing...

Pricing - it's out.  Currently Square is charging 2.75% of the sale and 15 cents/transaction for card present and 3.75% for keyed transactions (card not present - always more costly).  As far as standard industry pricing goes - the swiped fee is high, the keyed is high, the transaction cost is pretty average. Square does not take into account standard industry discount pricing (qual, mid qual and non qual).  No costs for payment gateways though, or PCI, statements or monthly minimums - attractive...if you are a merchant with low processing volume.

A recent Fast Company article by Noah Robischon touts the device as an evolution and "champion" in the big bad credit card processing industry (we suffer this indignity a lot but I like this rag...must they???).  We AGREE with Fast Company - we like the product - it's cool and of a new era but take umbrage with a few liberties in the article and well, portions of the Square site and claims.

The article -

1. The "disruption that could be caused by Square in the convoluted credit card system".  Ah convoluted - agreed - we'd like things (i.e. all those interchange rates) to be simpler (like taxes maybe?) but credit card system?  card issuing and acceptance are far from one and the same - vague terms like these are confusing and muddy the waters.
2. "the card company"...same thing. This is? Visa? MasterCard? the issuing bank? the ISO (independent sales organization?) - all different interests and roles.
3. Merchant Fees and chargebacks are deducted at the month end making it difficult for businesses to gauge cash flow? (Square settles daily)  Um, anytime a merchant likes he can opt for daily assessments, in fact, if you have lousy credit the processor will insist - it's not a plus and inhibits cash flow.  Why pay daily when you can divy up at the months end?) - and todays processors give merchants 24/7 real time access to the daily details of their transactions, chargebacks, sales volume, and costs - todays merchant is more savvy than Robischon gives credit and so is the big bad processor. 
4. As a "result of the financial crisis, more and more of a microscope is being placed on this industry".  The scrutiny of interchange has rightly been in place for a long time - long before the financial crisis caused in large part by the subprime housing debacle.
5. Square has a more transparent pricing alternative.  Since Visa and Mastercard went public - wholesale pricing has been available to every size merchant - it doesn't get any more transparent than cost plus.
6. A Free "reader" - don't know a merchant account provider today that isn't giving away equipment - old hat.

Don't get me wrong - we like the concept of Square!  but with 1000 "Beta" users already, I doubt Visa or MasterCard is sweating bullets that this is what will evolutionize electronic payments. We still maintain that the concept and product serves a unique market - P2P payments and the small volume merchant.  Neat product - disappointing article.

The Square site and cost comparisons to a "typical merchant account" - oh come on - have you googled merchant account lately??

1. No contracts - pulllleeeaze - 17 pages of terms and conditions covering underwriting, card network rules, reserves, PSA (payment services agreement) that must be signed prior to processing, no guarantee or warranty that service will work or be available and well, so on. 
2. Free Reader - already addressed this - you want a free one - ask any merchant provider - no problem.  You want a free, wireless credit card processing terminal? - they'll probably give you that too....
3. Free setup - Google please - we've been providing free applications and set up for YEARS and so is just about everyone else.
4. Card present discount rate???  1.79 quoted by Fast Company as industry average - close - pretty ballsy of Dorsey to claim 2.9%.!

Lastly, when you don't get funded or your money is held in reserve - who ya gonna call?  Not Square - I guess you can email though.  I can think of at least a million merchants who definitely might not like that.

Come on guys - we like your product... it is techie, gadgety cool - but let's make sure we put it ALL out there.  Squares terms and conditions (contracts in laymen terms) also notes transaction limits on the site - but we can't find'em - crucial to processing merchants....don't want to get that big order only to have the funds held because of going over the established "limits".

We don't like the complexity of the industry any more than our merchants do (try training new staff!) - but the issue is not as black and white as some such as Robischon would make it out to be.

Payment Card Industry Data Security Standards and the Law

 Email Article |  Twitter |  Facebook |   LinkedIn 

PCI DSS continues to create questions for our merchants. 

Who created the standards? Are they law ? (very nice but do we have to?) who's enforcing all this stuff? and so on.

The standards are developed by a security council comprised of the major card brands and most everything you need to know can be found on their site -  PCI Security Standards Council.  You can find merchant requirements by size right here on our PCI DSS blog.

Enforcement and the law are other issues.

Currently PCI DSS is "enforced" by the card brands and put in place by payment processors.  The processor works with each merchant and merchant account to ensure standards are met and the merchant is charged for the cost of compliance.  Merchants found to be out of compliance, who experience a data breach, can be fined by Visa or MasterCard and risk losing credit card processing privileges (think livelihood folks).

Two issues stand out when it comes to the law, merchants and securing the confidential data of consumers using credit cards to purchase goods and services - notification of data breaches and PCI DSS compliance. 

Data Breach Notification.  If a breach is detected by a merchant...do they have to tell and WHO do they have to tell?  Currently and amazingly, there is no federal law legislating actions regarding a data breach though they are in the works.  S.139 - the Data Breach Notification Act is still alive but hasn't gone any further since November of 2009, H.R.2221 Data Accountability and Trust Act - last point of action- was passed in the House in Dec. 2009.  These things take time. 

Your state may be another story.  Since 2002 and California's SB1386, many states have enacted notification laws requiring companys to notify consumers if their data has been lost or "compromised".  Typically the laws address what must be reported to the consumer - type of data compromised, who must report the breach, how consumers will be notified (electronically, in writing, etc.) and how quickly. 

While each law is different, in addition to notification - legislature seems to be moving towards merchant liability in security breaches (maybe data security ISN'T such a bad idea!).  In other words, states are also enacting PCI DSS compliance law.

The state of Minnesota is the first to make merchants (2007) not compliant with PCI DSS liable for associated financial institution costs in instances of security breaches (i.e. reissuing cards, customer refunds for unauthorized charges, closing and reopening accounts, etc.).  Could be costly.

In 2009 Nevada updated its encryption law to mandate all businesses in the state that accept credit and debit cards be PCI DSS compliant - pretty strong statement.  In March of 2010, Washington enacted merchant liability laws relevant to PCI DSS compliance similar to that of Minnesota.  Businesses with a breach, found to be out of compliance, will be held financially responsible for costs associated from the incident.  Merchants take note - these laws apply to out of state businesses transacting business in the state. 

It's worth noting here I guess that some of these new laws are relevant only to merchants handling a large number of transactions or level I merchants.  We suspect however, that not only will other states follow suit but to some degree, eventually - all levels of merchants will be held liable for compliance.

Moral of the story?  PCI DSS is not going away.  Expect standards to get tougher if anything and while the federal government is lagging - states are taking steps to protect consumer card data.  If you're a credit card processing merchant - you should be too.

Mobile Credit Card Processing with a Wireless Credit Card Terminal.

 Email Article |  Twitter |  Facebook |   LinkedIn 

So we touched on the iphone wireless or mobile processing first - with Verifone's PAYware and of course Square . Revisit these pages for the pros and cons of each, where the products and services are at in development, and of course, the costs.

Let's jump to the top of the line then and discuss processing with a wireless or mobile credit card processing terminal - because it's different and these units have been available for some time.

What's the merchant application?  Anybody who processes cards regularly, johnny-on-the-spot.  You might be a busy contractor - with subs maybe or run a heating and air conditioning or plumbing service, delivery/service business/,taxi, etc. - you get the picture.

One example of a terminal for this purpose is the Nurit 8020 - an upgrade to the Nurit 8000 from Verifone. Keep in mind there are plenty of wireless terminals to choose from - but this one certainly fits many a wireless application (YES, XBS markets these terminals!).

This is a PCI compliant wireless credit card machine that uses the GPRS (General Packet Radio Service) network; a high speed data transfer service available in the US through carriers like T-mobile, AT & T, Cingular, etc.  The dependability of the coverage provided by these carriers is improving, though initially it was limited to metropolitan areas. 

So what do you get with the wireless credit card machine that you don't get with iPhone processing?  an all in one processing solution - mobile, light weight, compact that includes -

• a thermal printer (drop a paper roll in and away you go)- iPhones do not have printers (they can connect to one via blue tooth compatibility but the solution "grows bulky").  A receipt of the transaction can certainly be "emailed".
• an internal pin pad - for pin based debit (fastest growing payment method today....).  iPhones cannot process pin based transactions currently.
• Wireless options include  GPRS and Wi-Fi (WAN).
• Large, backlit graphical display, 18 key keypad, touch screen and stylus for electronic signature....

So down to the ditty....what's it cost, as it relates to our iPhone processing options?

The terminal can cost up to $650 - less if you buy from the merchant account provider - who often discount the equipment (at least XBS does).  I guess it would be fair to compare that to an iPhone or Blackberry cost - $300 and up possible.  Of course the terminal cannot be used as a phone.

You must pay for the monthy wireless connection - $15-$20/month should cover it. If you didn't know - you pay the wireless fee PER terminal.  In the case of the iPhone remember - it would be typical to pay for your phone service AND a payment gateway ($10-$20/month).  The wireless credit card terminal sends data direct to the Visa/MasterCard network via the GPRS (remember AT & T, T-mobile etc. wireless provider) - NO payment gateway required - no payment gateway fee.

The wireless service charges a transaction fee - .10/transaction approximately.  This transaction fee is on top of the transaction fee you owe the payment processor - you do need a merchant account with this terminal.  Merchant account fees are dependent on who you do business with - we recommend us.

Time to create a comparison chart I think.  I'm on it - next post.  In the meantime - for the true, mobile merchant with a host of "hired hands" delivering goods and services that require payment collection at the point of delivery - a wireless credit card processing terminal is a safe bet.  It's a swiped, real-time authorized transaction with card present low rates - with a receipt at the ready for your customer.  Professional, secure, money in the bank....you can't beat that. 

VeriFone's PAYware Mobile - Mobile Processing with Apple's iPhone

 Email Article |  Twitter |  Facebook |   LinkedIn 

So we promised to continue our "mobile merchant account" discussion, starting by unveiling the latest and the greatest (see our take on Dorsey's Square for the iPhone).

Next up is what the payment's world is touting as Square's competitor in the marketplace - VeriFone's PAYware Mobile (VPM)- a complete processing solution for yet again - Apple's iPhone.  What's the ditty? 

Three components of the VPM solution:

A durable card reader that slips over Apple's iPhone.  Allows merchant to to process card present transactions - lowering the cost and risk of the transaction.

The PAYware Mobile Gateway - a secure payment gateway for transaction processing - connected to the First Data platform but touted as compatible with other processors with some "app manipulation" (we're okay with First Data!)

The PAYware Mobile App - a free application downloadable to your iPhone - when paired with the gateway and card reader - enables the iPhone to accept secure credit card payments - anywhere, anytime.   

So what's the difference between Square and this brand new smoking hot mobile processing solution from VeriFone?

• Square's still in Beta.  Testing 1, 2, 3.  PAYware is on.
• Security - VeriFone is a trusted leader in POS solutions in the electronic payments industry AND the PAYware Mobile card reader encrypts the data at the swipe - (see PCI DSS folks). Square security is iffy - no encryption that we no of....Mr. Dorsey specializes in social media - i.e. Twitter, NOT credit card processing.
• Currently - the VeriFone solution only works with the iPhone 3G or 3GS -Squares method (hardware plugs into the headphone jack) is preparing for further mobile device compatibility.  Reviewers so far however, seem to like the solidity and fit of the VeriFone card reader when compared to the Square.
• Costs - So far VeriFone is noting a $49 activation fee and $15/month for the payment gateway and .17/transaction fee
• Merchant Account - you need one.  Doesn't come with the product.  Hmmm - this means -

1. VeriFone PAYware Mobile costs are on top of the costs you are already paying for your merchant account or will pay when you get one.
2. It negates some of the unknowns and drawbacks we outlined regarding Square, it's costs, (not sure) and limitations, i.e. ticket parameters, reserves, lack of fund control, timeliness of funds, impact on cash flow (again - we just don't know and when it comes to business and money - we NEED to know).

We still contend - like others, that Dorsey's Square seems far more suitable for the now and again, person to person payment than for a small business looking to increase revenues and cash flow with quick, efficient, and SECURE credit card processing through use of Apple's iPhone - all depends on your needs I guess.

That get's back to what we do! Electronic payment professionals at XBS assess the needs of each individual business we work with - we'll tell you straight up and point you in an "educated" direction. 

When it comes to processing electronic payments, ignorance is not bliss - it's risky.   

Interchange Fees - Will Banks Enjoy a Reprieve Amid the Chaos?

 Email Article |  Twitter |  Facebook |   LinkedIn 

And by chaos you know what I mean - the financial debacle in the US, right now.  The Dow's up -but for how long? Lending is non-existent, bankers are still drawing some ah, unusual salaries and bonuses and now Barney Frank of the House Financial Services Committee says the issue of interchange fees is not on the 2010 agenda.

Arggghhhh.  That's for my merchant friends.  I can tell by the way they hang up when we call them to market our electronic payment services that they are confused about what we do....we don't make money on interchange.  We do collect interchange fees for card issuing banks for each credit or debit card transaction run by our merchants.  We PROCESS the transaction.  Whew!  just wanted to clarify... again. 

If you're still confused about interchange revisit our blog on the issue -you're certainly not alone. 

What is of concern is the rising cost of these fees - set by VISA and MasterCard and paid to the banks that issue their branded cards - for the merchants that pay them.  Merchants and advocacy groups have been pushing for years for interchange fee regulation and caps - claiming the fees force them to raise the costs of their goods and services to the consumer.  Maybe.

Unfortunately the issue is complex.  Will the regulation of fees really mean a cost reduction on the consumer end of things?  A November 2009 article in the New York Times examines the outcome of just such an act when the Australian government stepped up in 2003, cutting merchant fees in half.  The results have been predictable - tough to sort through. 

While merchants are paying less - it would seem sometimes the consumer is paying more - with less available credit, fewer or shrunken rewards programs (no!), higher annual credit card fees, and shorter time periods before the accumulation of interest on balances.

More bizarre is the unexpected surcharges by Australian retailers and merchants to the consumer that uses a credit card (not allowed currently by the card networks but with deregulation....) - and this after their own costs have been lowered.  Not only are some merchants covering costs with the surcharges, some are making a profit. Now that's a fine how do you do! 

Yes, US banks make billions from interchange fees.  They have lobbied hard against government intervention and claim that the consumer will experience rising costs with credit card use and fewer benefits should the fees be capped or regulated. Again, maybe.

Of course last year keep in mind - a new trend developed that will no doubt ooze into 2010, maybe even beyond - record losses.  In yet another NY Times article last year, Banks Brace for Credit Card Write Offs, authors Dash and Martin tout estimates of between 82.4 to 186 billion in overall losses for card issuing banks, as the US continues to shed jobs and with that, the ability of Americans to pay their credit card bills.

What to believe? What to do?

Only that at the very least, for 2010 anyway - interchange fees will remain intact - plan on it.  Merchants should be aware of costs and educate themselves on how to implement cost saving processing methods.  The credit card processing industry seems hell bent on ever increasing complexity. 

To do this, you need an electronic payments professional you can count on, not entry level sales staff.  That's just the way it is.  ASK your provider...how long have you been in this industry? Review your methods and pricing, secure a professional relationship and focus on what you do best - you're own products and services.

Mobile Merchant Accounts, P2P, Square and All That Jazz

 Email Article |  Twitter |  Facebook |   LinkedIn 

All of the December 2009 and January 2010 credit card processing industry rags are touting mobile payments as "the thing" in 2010.  Growth, applications, and opportunities are arriving rapid fire - and so we're going to try help our merchants sort it all out (I'm dancing as fast as I can).

So....let's launch with the newest gadgetry that's creating a great deal of buzz...Square.

Jack Dorsey, founder of twitter (very cool we agree) -announced a new venture - development of mobile payment technology compatible with Apple's iPhone called Square.  The hardware and service is in "beta" mode (just testing so chill folks) but it sure has raised a ruckus of attention in the online community. 

The ruckus is two fold -

One is WOW that's mobility in a small convenient package.  The Square, is little, plugs directly into the IPhone, and allows the iPhone user to accept a credit card payment from anyone, anywhere - swiped (lower risk).

Two - it comes with the merchant account with a simple, flat rate transaction fee (no rates on the website so we only have rumors and tweets for info).  Excuse me?  No application, no underwriting?  Fascinating.

Jeff Green, Editor-in-Chief of Payments Source - talks about the device and service in his Editors Letter in the January/February 2010 issue. It's exciting and Dorsey's getting a lot of publicity, but things are all quite vague when it comes to the payments processing and Green notes in his letter that perhaps Square will act as an payments aggregator, such as PayPal, running all of the transactions through their own merchant account.  All still up in the air - but a quick gander at the site turns up a few vital points for our small business friends always looking to reduce costs we know -

• Square touts No contracts - I printed 17 pages worth of Square "Service Agreements and Payment Services Agreements" right off the site.  Most of us don't need to check with an attorney to know what that means - legal agreement = contract.  There might not be a length of service contract but anybody taking money from and delivering to, bank accounts electronically is working on a contract - has to be.  In this case apparently there may even be two - one with square and if they deem it so, one directly with the payment processor.

The Square Service Agreement -

• No warranty - this one's pretty clear - at this poing in time Square does not guarantee it's service - for availability, dependability or risk. No mention of PCI DSS. 
• Communications - electronic only currently - no matter what your question or issue - no calling'em.

The Payment Services Agreement-

• Reserves - "Reasonably determined" - new accounts have to have one (I'm guessing that's everybody) equal to 14 days of sales activity plus pending disputes.  The reserve could be raised or removed based on activity, credit reviews etc.   If you don't keep sufficient funds in the reserve it may get funded from your Square Account, i.e. credit card processing sales.
• Transaction limits - Square accounts have transaction limits - no idea what these are yet - stay tuned.
• You need to provide a written receipt to your customers for any transaction over $15 - you can give the customer the option to decline it of course and you can offer an email receipt, but not in lieu of.
• Availability of Funds - doesn't say when you get your money - 2 days? 3? 5?  just that Square can limit your access to your Square account funds if they feel they are at financial risk or other agreement parameters are in dispute.
• Fees - doesn't say. 

Ok - so remember Square is in Beta - I'm sure they'll work out these kinks but at quick glance we can't help but think these current questions raise some real issues for businesses.  The application does seem fun for P2P (person to person) payments - think garage sales, girl scout cookies, PTA fundraisers, etc. or maybe the handyman, lawn guy, tupperware and avon lady, that doesn't do enough processing to warrant their own merchant account but wants to offer the convenience of credit card sales.  That's cool. 

The term small business is pretty broad though.  Most merchants we service need electronic payments professionals to navigate POS equipment, funding and value added services above and beyond the "merchant account". 

Today there are a number of overwhelming factors that impact a merchant's ability to process credit cards securely AND profitably.  Merchant account agreements are indeed complex and typically include 8-12 types of fees depending on the type of card used in the sale as well as the method and equipment used in the processing.  Cash flow, prompt funding, fees and rates, PCI DSS are essentials for processing success and a casual approach isn't recommended. 

We'll be hearing more about Square for sure - I'll keep you posted - in the mean time - think payments professional to answer your processing questions about rates, equipment and "going mobile with your business".

Merchant Account Cash Advance - Is it an Option for You?

 Email Article |  Twitter |  Facebook |   LinkedIn 

I waited to write this post, in hopes that the new year would wreak some sense out of the chaos regarding the "credit crunch" that has besieged US businesses.  The information "out there" is ...conflicting at best.  But you don't have to be a news junkie to get the gist - US businesses are failing at alarming rates - and cash flow seems to be a predominant issue. 

According to the American Bankruptcy Institute - an organization that tracks insolvency in this country, business bankruptcies increased by 44% from 2006 to 2007, and 54% from 2007 to 2008. Ouch.

Ironically, a recent article in the December 2009 issue of CFO poses the argument that access to credit is not at issue - and the "contraction in small-business credit is actually due to a lack of demand".  Is this possible? The author Alix Stuart goes on to cite a survey by the National Federation of Independent Business (NFIB) in September in which only 10% of 827 small business owners surveyed said they couldn't access financing.

What's with all the bankruptcies then?

The fact remains that SBA lending between September of 2008 and 2009 was down by 35% (remember even with SBA backing - it's your bank's money being loaned).  Even private investment in US small business remains markedly low when compared to recent years.

General consensus despite the naysayers remains - access to capital for todays new and veteran business owner remains negligible.

Merchant cash advance for processing merchants remains an option for access to capital.  This advance is based on a merchants future credit card processing sales.  Unlike a traditional loan there is no set payment amount because payments are based on a percentage of the monthly credit card sales volume and as such fluctuates with the merchants income - a big plus. 

Remember some of the other benefits we've touted in our blog post - no personal guaranty, quick approval times, fast cash in the bank, etc.  The drawback is typical of fast money - cash advances can be costly....but if the alternative is bankruptcy, is it worth it?

Unlike in years past, even merchant cash advance providers are taking a closer look at the merchants they work with.  Merchants must show a processing history of 4 months to even a year as well as a certain monthly volume in sales, may be asked to produce an active property lease, and/or may even have their credit checked (say it ain't so! is there no end to the scrutiny?).

As a merchant account cash advance provider we don't claim to know or provide advice as to whether this option is a good one for each and every one of our very unique merchants...but we can't help but think it's a viable one - if bankruptcy is looming. 

Typical merchant use for cash advance use to be things like paying taxes and remodeling, but our industry is touting new uses by their merchants with the money advanced on future sales.  Not just in survival mode, merchants are using the money to refine their product lines or tweaking their brands in reaction to the marketplace. 

We like this.

Ecommerce, SSL and SSL Certificates

 Email Article |  Twitter |  Facebook |   LinkedIn 

I've put this blog off - it can be confusing stuff.  But frankly, given the number of merchants involved in online sales or ecommerce - now's the time.  You need an SSL certificate if you sell online, supply a site log in, process sensitive data or simply want to instill trust.

SSL was introduced in 1994 - and stands for Secure Socket Layer.  SSL is the standard for ecommerce transaction security enabling encryption of all of your customers sensitive data, including credit card and other uniquely identifying information.  Todays recommended minimum encryption standard is 128 bit and in order to provide this you'll need a SSL certificate with SGC (server grade cryptography) capability.

SSL Certificates.  This digital certificate sits on your secure web server and is used to to perform the actual encryption. Each certificate has what is called a private and public key.  The private key encrypts data, the public key deciphers it.  When a customers web browser points to a certified domain - the SSL technology authenticates both the domain and the browser.  A unique session  "key" is established as is an encryption method and a secure transaction can be made. 

There are different types of SSL Certificates such as -

• organizational validated (ov)
• domain validated (dv)
• most recent - extended validated (ev)

SSL Certificates trigger the browser to display a closed padlock and the https prefix in the browser window.  With an EV certificate, besides a more vigorous application process, the browser bar is color coded green to indicate the top validation in SSL and turns red when an unsecure or untrustworthy site is encountered.

Where do you get an SSL certificate?  XBS recommends SSL certificates issued by CA's or certificate authorities.  These businesses verify your domain name, your business and your authority to apply for such a certificate amongst other things based on the type of certificate applied for. 

Your e-commerce payment gateway can make life a little simpler by providing you, the online merchant, with a customizable payments page hosted on their site.  This is the least expensive method, as it uses the gateways SSL certificate (shared) instead of your own.  In addition, the gateway's server stores the sensitive data on it's own PCI DSS compliant server leaving the merchant risk free (regarding data storage). There's a few cons though, the biggest one being your customer leaves your site at the time of payment, as well as a loss of control in the order process.  This might be a great, cost effective approach for a new online merchant. 

If you have a busy site though - you'll probably want your own payments page with your own SSL Certificate.  Pricing is all over the place, and providers offer a variety of types of certificates - so due diligence as usual.   Your web developer or merchant account provider (XBS) can easily assist you in your purchase. Certificates must be renewed.  Some gateways such as authorize.net provide certificates at deeply discounted prices through partnerships with providers.

SSL technology is not an option for ecommerce merchants, it's a must have.  This article only touches on the basics of secure socket layer technology.  Statistics show that our customers are becoming internet savvy and will increasingly refuse to do business with ecommerce merchants who don't display SSL basics and signage. 

So be secure and prosper.

Pin Pads, Benefits of Pin Debit and New PCI DSS Requirements

 Email Article |  Twitter |  Facebook |   LinkedIn 

The acceptance of debit cards is a vital requirement for merchant success. 

Consider VISA's announcement in May of 2009 that for the first time in the company's history, the volume of debit payments surpassed that of credit cards.  Recession news continues to bolster this trend - whether it is due to the diminished availability of credit or a wise consumer approach - all the card networks are reporting healthy growth.

Merchants accept debit cards one of two ways - online - requires a pin pad (PED - pin entry device) or offline (requires a customer signature).  Unless the merchants primary sale or average ticket is less than $25 pin debit costs less than signature debit.

So let's talk pin pads which are an indisputable, worthwhile merchant investment given what you've just read.

Pin pads can be stand along devices - connected by cable directly to your credit card processing terminal and set up for easy customer access and interface or integrated within the credit card terminal itself.  The debit card is swiped through the pin pad and  a 4 digit pin is entered by the customer to authorize the transaction.  The transaction is processed through the ACH processing network and the merchant is funded immediately.  

Each pin pad has a unique encryption security code.  When the pin is entered the pin pad encrypts the number at the point of sale through to the bank, for verification and payment. 

Top pin based debit benefits -

• Reduced Processing Fees
• Fast settlement of funds
• Fewer chargebacks - PIN based debits are not subject to chargebacks
• Transactions cannot be downgraded - as they often are with credit card transactions that don't qualify for the best rates

If you already have a pin pad - you should be on alert that in July 2010 new VISA equipment compliance requirements will be in effect.  Is your equipment up to date? See the PCI Security Standards website list if you're not sure - your PED must be an exact match with the specs on the site.  If you have don't see your device listed, you have the wrong version or you have questions about whether your pin pad is meeting PCI DSS standards - don't wait until July - call XBS @800-347-1090.

PED security is a real issue.  It doesn't take much imagination to grasp the value of cardholder data combined with a debit PIN - the information would give thieves the ability to drain a bank account.  The technical savvy of today's criminal is mind boggling and apparently encryption cracking services and decoding ability has kept pace with security measures.

NOT ONLY does your POS PED need to be on the list - but VISA is further mandating an update of the PED with what's called TDES (triple data encryption standard)- a stronger, more robust encryption standard that serves to reduce further risk of theft of valuable cardholder data.   

Many recently deployed integrated PED's are TDES capable but still must have the TDES keys injected.  Older integrated PED's may not support the new standards and will have to be upgraded to more recent equipment, integrated or, possibly an external pin pad, with a TDES key injected prior to use/shipment.

Moral of the story?  Secure, pin based debit can increase your revenues and cash flow.

• Start processing pin debit and lower your processing costs 
• Ensure your current or new device meets all upcoming July 2010 VISA mandated security requirements and is PCI DSS compliant.

WIN WITH PIN!

(couldn't resist!)