Introduction to Credit Card Processing
As a business owner, an office manager, a receptionist or even a consumer, we all know how credit card processing works, right? A customer swipes or inserts his credit card into a card reader, authorizes the amount with a signature and goes about his merry way. It may seem straightforward at first, but there’s an industry of regulators, providers and security professionals that make this process appear simple and seamless.
This guide is designed to illuminate the inner workings of credit card payment processing. You’ll learn basic definitions and explanations to ground yourself in this industry, be exposed to the different players in the space (many of whom you’ll partner with for your business) as well as the technology needed to accept payments today, and in the years ahead.
Next, we’ll dive into fees. While fees are a pain in any industry or situation (personal and professional) not all credit card payment processing fees are legitimate. We’ll expose which ones you should never pay as well as educate you on fees that are fair and how much they typically run.
Operating a modern business usually means equipping it with a lot of software. We’ll cover relevant software for your business that makes payment processing easy and efficient, saving your staff precious time on every transaction. With all this information coming at you, you’ll want help comparing your potential providers. We’ll give you the tools to do just that.
Payments are only as good as the security protecting them. We’ll explain the technicalities you need to know in order to run a safe, healthy business. We’ll discuss pain points and the potential revenue stream — and setup — of an online store and conclude with information about the future of payments. Due to constant updates to combat fraud, payment technology is always evolving. Learn what you need to know to partner with providers that will last for the long haul and to invest in future-ready equipment.
Without further ado, we’ll dive into the terminology you’ll want to know to start researching payment providers and how they impact your business.
How Credit Card Payment Processing Works
Whether you process thousands or millions per month in credit card volume, it’s imperative that you understand how credit card payment processing works. Despite the costs and complexity associated with credit card payment processing, not accepting credit card payments means leaving too much money on the table. Conversely, processing large credit card volume on an expensive rate plan or paying hidden fees could hurt your business just as much.
Small businesses risk losing customers who prefer to pay with credit cards, undermining their ability to get up and running, and grow. On the other hand, large businesses can end up paying too much in credit card fees with a one-size-fits-all rate plan. This can rob large businesses of profits they deserve to keep and invest.
The payments landscape is ever evolving as new technology and security methods make their way into consumers’ habits and wallets. With tap-to-pay mobile options at a 17 percent adoption rate and anticipated to become more popular, you’re only hurting your business by not taking credit card payments or failing to upgrade to more modern payment processing technology. Convenient payment methods like mobile and credit card, are increasingly important to younger consumers. It’s estimated that 45 percent¹ of millennials would shop elsewhere if credit card processing were unavailable.
This definitive guide will cover everything from basic definitions to insider tips to lower your credit card rates. An honest payment provider is hard to find, making it all the more important to do your research and know how credit card payment processing works. That way, you can advocate for your business, take the security measures needed to get the best rates and ultimately protect your customers. After all, poor protection of your customers’ information could result in lost business and risk of closure. We’ll dive into new payment technology; the information you need to defend yourself from chargebacks, data breaches and more; along with product comparisons.
Credit Card Payment Processing Definitions
With anything complex, there is often jargon, terms and phrases that beg definition. This list of definitions will prime you to understand different payment methods, security features and considerations. Use this as a reference as we dive into these topics — and how they’re connected — throughout this guide.
- Address Verification System (AVS): A security measure that verifies that the purchaser for an online or over-the-phone transaction knows the address associated with the credit card.
- Automated Clearing House (ACH): An electronic network that facilitates the debit of personal or corporate bank accounts.
- Authorization: The process of electronically verifying the balance of a debit or credit card before capturing payment.
- Bank Card: A plastic card that allows an account holder to withdraw money electronically via ATM.
- Batch: A group of transactions that occur within a determined time frame (usually one business day) and settle with the bank together.
- Capture: When funds are transferred from the customer’s account to the merchant’s account after credit card authorization is complete. A merchant account is a type of bank account that allows for the acceptance of credit card payments.
- Card Association: Visa, MasterCard, Discover and Amex, all of which regulate Interchange, price and rule setting, and security best practices.
- Cardholder: The account holder associated with the credit card and connected bank account.
- Card Verification Value (CVV): A card-not-present security measure that confirms that the purchaser has physical possession of the card. The CVV is a three-digit number on the back of Visa, Discover and MasterCard credit cards and a four-digit number on the front of Amex cards.
- Chargeback: When a cardholder or bank disputes a credit card transaction, resulting in a process to determine the legitimacy of the dispute and who should retain funds.
- Chargeback defense: Proof that a business did its due diligence to prevent fraud and obtain proper authorization for a transaction. A signature has traditionally been the best defense against chargebacks.
- Clearing: The time period between when a purchase is made and when the transaction settles. Co-branded card: A credit card that provides the cardholder with merchandize discounts or promotions for a specific retailer.
- Corporate card: A credit card that is connected to a business bank account. Credit card processing: The steps taken to authorize and accept non-cash payments. These payments require the involvement of multiple parties to authorize as well as debit customer accounts and credit merchant accounts.
- Currency conversion: The process of exchanging one currency for another based on current conversion rates or relative value for each currency.
- Debit card: A plastic payment method that directly debits funds from the cardholder’s checking account.
- Electronic draft capture (EDC): The method by which data is collected, formatted and stored electronically.
- Electronic funds transfer (EFT): The electronic transfer of funds between two financial accounts, either at the same financial institution or two different ones.
- Interchange fee: The wholesale cost to run a transaction, which is related to the risk and reward associated with a given card as regulated by the card brands.
- Merchant Service Provider: A credit card payment provider that underwrites businesses for their own merchant accounts. A merchant account is required to accept credit and debit card payments.
- Online payment processing: The process of accepting card-not-present transactions via a website or online shopping cart.
- Payment Gateway: A payment provider that enables the acceptance of credit card transactions.
- Payment Card Industry Data Security Standard (PCI DSS): The data security standard that any business or organization that processes, stores or transmits credit card information must follow. It is regulated by the card associations.
- Retrieval request: A fraud-prevention measure that a credit card issuing bank makes to a merchant. The merchant has 10 days to provide data about the transaction to avoid a chargeback.
- Transport Layer Security (TLS): An encryption method that establishes secure transfer of data between a server and a client.
- Settlement: The final step of a credit card transaction, when cardholder funds are successfully transferred to the merchant and deposited into its merchant account.
Sound complex? Don’t worry. Now that you know the terms, you’ll see them in practice as we explain how transactions are authorized, captured and settled, as well as the providers that facilitate these processes. In this guide, you’ll learn everything needed not only to be informed about your credit card processing but to become an advocate for your business’s fair treatment.
Every step of credit card payment processing involves a middleman, which generates costs. Knowing standard rates, rate plans and regulated fees will help you spot unfair billing practices and secure fair rates for your business and eliminate unnecessary middlemen.
Understanding Processing Companies and What They Offer
As we initially stated, credit card payment processing seems smooth and simple on the surface. But once you dive into how a credit card transaction gets authorized and approved, you soon realize that this illusion is the product of a well-executed dance among multiple providers — each of which is key to the completion of successful payment.
In this chapter, we’ll introduce you to the many providers and explain how transactions are processed and why different fees are levied on businesses.
- Card Associations: The companies that manage the card brands (Visa, MasterCard, Discover and Amex). They focus on network operations to run transactions, price and rule setting for Interchange rates, marketing and research into new anti-fraud techniques. They step in as mediators for transaction disputes and establish rules to govern their members.
- Card networks: Each of the Card Associations has its own network. They communicate with the issuing and acquiring banks during the authorization process and attribute the transaction to the cardholder for proper billing.
- Issuing banks: Financial institutions that issue credit cards (e.g., Chase, Citi, Wells Fargo), back the Card Associations, and issue credit to cardholders. Some Card Associations can double as issuing banks (e.g., Discover, Amex).
- Cardholder: A person or entity that receives an account from an issuing bank.
- Acquiring banks: Banks that are members of the Card Associations and have agreements with Merchant Service Providers to accept deposits for credit card transactions.
- Payment Processors: They maintain the computer network that facilitates communications between your Merchant Account Provider and the banks. Often referred to as processors, they do not directly work with businesses. They are chosen by your Merchant Service Provider’s bank.
- Independent Sales Organization (ISO): Companies that manage the sales and marketing of the credit card processing products and services. They provide each of their customers with an individual merchant account. Another name for an ISO is a Merchant Service Provider.
- Registered ISO: A registered ISO is allowed to use its own logo and marks on merchant agreements and must list its acquiring bank on its website.
- Super ISO: An ISO that has a direct agreement with a member acquiring bank. A super ISO may also have sub-ISOs under it.
- Merchant Account: A merchant account enables a business to accept credit and debit card payments in exchange for its products or services.
- Payment Gateways: Systems that facilitate the transfer of information between an online payment portal and a processor, making it possible to process e-commerce and retail transactions. Gateways can work directly with businesses or through a credit card processor.
6 Steps of Credit Card Authorization
Now, here’s how these providers interact. Every transaction undergoes the following six-step process to either authorize and approve or reject an in-person credit card payment.
- The cardholder initiates payment by swiping or inserting a debit or credit card into the merchant’s card reader, usually provided by the ISO.
- The ISO communicates the transaction information to its Payment Processor.
- The Payment Processor, acting as the technical glue, communicates the transaction to the Card Association’s network.
- The acquiring bank checks with the issuing bank via the Card Association’s network to determine whether sufficient credit or funds are available.
- The acquiring bank communicates the information back to the ISO via its Payment Processor.
- An approve or decline code is issued. If approved, the transaction will process, and the Card Association network will facilitate the transfer of funds from the issuing bank to the depository bank account of the merchant.
All of this happens in a matter of seconds. For card-not-present or e-commerce transactions, a shopping cart collects the credit card number, and a Payment Gateway helps to facilitate the transaction.
After a successful credit card authorization, a business has the option to hold or settle the transaction. If held, the transaction must be captured within a certain time frame in accordance with the Card Association. This duration may vary, but held transactions typically must be settled within five to seven days. If a held transaction is not settled in that time frame, it’ll be voided.
Why Payment Providers Charge Fees
It may appear prohibitively expensive to accept credit card payments with so many providers taking a cut of your profits. That said, not taking credit card payments can harm your business more in lost sales.
Most of the providers introduced in this chapter make money by charging fees for each transaction they handle as well as for using their services. Some of these fees are charged directly to the business, while others are passed down from one provider to the next. Here’s how each of these providers makes money:
- Issuing Banks: They extend lines of credit with varying limits to their cardholders and charge interest on balances that aren’t paid in full at the end of a billing cycle (typically one month).
- Acquiring Banks: They collect a small fee for every transaction.
- Card Associations: They charge dues and assessments on the total volume of transactions per month. Dues and assessments are subject to change twice per year when the Card Associations announce their updated Interchange guides. This is how the card networks make money as well, as they’re an extension of the Card Associations.
- Payment Processors: They collect a per-transaction fee that merchants never see. It’s baked into what the Merchant Service Provider charges.
- Payment Gateways: These providers will often charge a gateway fee for their services if they’re standalone services (i.e., combined Merchant Service Provider and Payment Gateway providers usually don’t charge a fee).
- Merchant Service Providers: These providers often charge a markup on their transactions because they do not make money off the Interchange rates that apply to credit card payments. Additionally, they may charge fees to use their services or waive these for high-processing businesses.
- Payment Facilitators: Like Merchant Service Providers, Payment Facilitators make money on the markup over Interchange that they charge their customers. Because they only offer Flat-rate pricing, a single high rate for every transaction, this margin is larger than the flat markup Merchant Service Providers make.
Unfortunately, with so many fees charged by multiple parties, it can get confusing to review your monthly merchant statement. Some providers take advantage of this inherent confusion to pad their fees and even add in fake ones to make more off each merchant account. We’ll dive into this more later and give you examples of what common unethical fees may look like on your statements.
Strategies to Eliminate Middlemen
Obtaining support and understanding your total credit card processing costs can be challenging with so many disparate service providers. After all, credit card processing is just one facet of your business. You have additional providers for everything from Wi-Fi to inventory.
You can streamline your payment providers by opting for an all-in-one Merchant Service Provider and Payment Gateway. Doing so will help you eliminate your Payment Gateway bill and process in-person as well as online transactions with just one provider, resulting in more straightforward support access and clearer merchant statements.
Methods for Accepting Credit Card Payments
Cash or credit, paper or plastic? Customers simply pick their preferred option at checkout and continue with their days. For business owners, accepting credit card payments is a bit more involved. You deal with more of the background ins and outs of equipment, security, customer convenience and accounting. Equipping your business to swipe (or tap, or key in) cards can also require different procedures for your brick-and-mortar and virtual storefronts.
Let’s dig into the providers and processes you need to know to understand what credit card processing entails, however you do business. Getting familiar with your options can lead you to the best providers to handle your needs.
Credit Card Processors
Accepting credit card payments looks a little different for an in-person versus a card-not-present transaction. As of February 2017, around 43 percent of consumers² researched and completed purchases online with multi-channel retailers. Both in-person and e-commerce sales are thriving, so businesses need to be ready to attract both.
For in-person sales, customers swipe or insert their cards into a physical card machine. The card reader sends authorization requests through several parties, including issuing banks and the Merchant Service Provider. A signature, and sometimes even a photo ID check, confirms that the person standing before you really is the cardholder. While the entire process typically takes less than 10 seconds, most customers (and even employees) will never know how many steps it takes to authorize a credit card transaction.
Online, of course, you can’t physically swipe a card, so you’ll need a Payment Gateway for e-commerce sales. A secure shopping cart and Payment Gateway minimize the risk of fraudulent transactions. It’s harder to prove cardholder identity with online transactions, so you can expect Merchant Service Provider rates to be higher than what’s charged for in-person sales.
You can make life easier on yourself by setting up a central system for your credit card readers. A traditional POS terminal that relies on paper receipts to record transactions demands extra work from you. Tracking sales involves collecting the paper reports from each individual card machine. Inputting data, storing receipts and maintaining spreadsheets is time-consuming, and you risk misplacing important transaction information.
The best credit card processors on the market today can communicate with software and other devices, so business owners can generate reports easily and check sales at different registers or store locations.
Accept Credit Card Payments in Person
Handling credit card transactions in person is the most straightforward, secure variation. You can still take steps toward ensuring optimum security by choosing up-to-date tech for a more streamlined customer experience.
The first critical feature to check for is swipe-and-chip capability. The best card readers (and, frankly, the only ones you should consider these days) allow cardholders to insert their cards for the machine to read their chips. EMV compliance can affect your liability for card-present credit card fraud, so supporting chip cards helps protect your business as well as your customers.
Pay attention to how the credit card processors you’re considering record transactions, too. Digital records can make preparing batch reports and locating transaction details a quicker, easier process than relying on paper receipts could. Digital signature capture can add another level of security, too. You may be able to essentially eliminate friendly chargeback costs by capturing and storing customer signatures in the cloud.
Accept Credit Card Payments Online
In order to accept credit card payments through your online store, you’ll need a Payment Gateway in addition to a merchant account. Dreading the prospect of adding yet another service provider to your business’s back end? Don’t worry: There are some all-in-one services that can handle all your transactions. Consolidating services to one provider isn’t as complicated as it sounds and can result in a simpler experience for you.
Minimizing expenses is a perennial concern for many business owners. The good news is that shopping around and asking smart questions can help you accept credit card payments online without adding too much to your expenses. Look for a Payment Gateway provider that will work on a month-to-month basis, rather than on a contract. These providers tend to offer better customer service because you’re free to leave at any time.
Restrictive contracts can lock you into paying for a service you no longer need or keep you from pursuing a better deal. Ask about fees before working with a Payment Gateway, too. Some miscellaneous fees (such as a Payment Gateway fee) don’t really do anything but pad the provider’s pocket. A reliable, trustworthy provider doesn’t have to resort to gimmicks like unnecessary fees to keep its business solvent.
Best Credit Card Processors for Small Business
You’re ready to upgrade your business to accept credit card payments, but with so many options on the market, it’s tough to know where to start. Which is the best credit card processor for you?
We hate to say it, but as with many other business choices, the answer is, it depends on your specific needs. You know your growth targets, transaction volume and business priorities better than anyone else.
With that said, we can offer a checklist to point you toward the best credit card reader to fit your small business. Look for providers offering:
- Tailored services: Options that let you choose the features that provide the most value for your business.
- Transparent pricing: The pricing model is clear, and you aren’t hit with ethically muddy, unnecessary fees.
- Flexible terms: You’re a partner, and as such, you deserve fair treatment. Month-to-month plans are a good sign, and you shouldn’t encounter strict requirements simply due to your size.
- Easy e-commerce application: A provider should make accepting credit card payments online quick and easy.
Alternative Payment Methods
To stay on top of an ever-evolving market, business owners should consider branching out to accept new methods of payment. Mobile payment options represent a relatively small slice of consumer transactions, but it’s worth considering card readers that can cater to customers who like to reach for their e-wallets.
Services like Apple Pay and Android Pay use near-field communication (NFC) technology to authorize a transaction. NFC lets applicable devices communicate with each other when they’re held an inch or so apart. Besides e-wallet platforms, several major credit card issuers now offer contactless cards as well. Some consumers prefer this method for its high degree of security and convenience. EMV and contactless cards generate a unique code for each transaction that expires after one use, making card information much harder to steal for fraudulent use. NFC payments can also be faster than EMV chip card payments, so some customers prefer this extra convenience. Offering alternative payment methods as options can set your POS experience above the competition’s.
Simplifying Transaction Fees and Pricing Structure
Accepting credit cards means working with a long list of financial parties, all of whom take their cut. Although cash-only operations are simpler, many small businesses can’t afford to miss out on the revenue from credit card transactions. Working with a Merchant Service Provider can consolidate some of the necessary services, resulting in fewer middlemen to deal with. Choosing a rate plan and understanding the bill, however, can present yet another hurdle. In this chapter, we’ll walk you through fees, rate plans, and business practices you should consider to ensure you’re working with the right provider.
Credit Card Processing Fees Made Simple
A Merchant Service Provider’s billing statement can be a complicated document to read. The exact terminology for various charges often differs from provider to provider. Before you enter into an agreement with a provider, ask for a sample billing statement so you can familiarize yourself with the language and organization it uses (some providers combine Payment Gateway fees and AVS fees into one umbrella “transaction fee” line item, for example). Here are some typical credit card processing fees and costs to know:
- Interchange (IC): This is the wholesale charge per transaction that credit card companies issue. The provider passes this cost along to the merchant, which are shown on Interchange-plus merchant statements.
- Rate plan: Depending on whether you choose an IC-plus, Flat, or Tiered Rate plan (which are defined below), there will be some form of varying or consistent provider markup. Your company’s stage of growth will help determine which plan is right for you.
- Fees: Not all providers will charge the same fees. Some fees are a normal part of fair business practices, whereas others can signal a dishonest provider that squeezes small businesses for as many markups and fees as possible. (Confused? We’ve got your back. Read the next section to learn which fees are fair and which are more suspect.)
Here are some additional factors that can influence how much you’ll pay to accept credit card payments:
- Transaction method: Online, in-person, and keyed-in payments can carry different transaction rates because some forms, such as keyed-in card-not-present payments, carry a greater risk of fraud.
- Card type: Generally speaking, debit cards are the cheapest to authorize, because the funds are sent through immediately. Business and rewards cards tend to be the most expensive to authorize, while standard credit cards fall somewhere in the middle.
Smart Negotiation: Wholesale vs. Markup
A Merchant Service Provider may have some wiggle room in terms of price. Going through the features and fees one by one with a representative may save you some money. The key to an effective negotiation is preparing beforehand, and for credit card processing fees, that means knowing what costs the provider controls and which fees are non-negotiable.
Interchange is an important fee that gets passed through from the credit card issuer, through the provider (whether it’s a Payment Facilitator or Merchant Service Provider), and finally to you, the merchant. It’s not possible to shop around for different providers based on this rate, as they don’t have any control over it. Card Association fees, also called dues and assessments, are another cost you’ll see reflected wholesale.
The card issuers charge a small fee per transaction, often about $0.10, which is a fraction of a percentage of the sale. Depending on the card issuer, this charge may appear on your billing statement as the acquirer processing fee or network access and brand usage fee. Ask about any fees or acronyms on your statement you don’t understand. Finally, card issuers sometimes charge incidental fees for transaction processing problems or mistakes. You might see this listed as a Transaction Integrity Fee or a Misuse of Authorization Fee, among other possible names.
Negotiable Fees (Potentially)
With wholesale fees accounted for, you can now look at the fees a Merchant Service Provider may be able to negotiate with you.
- Monthly fee: If your business processes a high volume of transactions, a provider may waive the fee for the cost of basic services.
- Payment Gateway fee: This fee covers software used in the transaction process. Not all providers charge this fee, so it’s worth it to ask if a provider will strike it for you.
- Statement fee: Opt for electronic statements, and your provider may waive the fee they’d charge for printing and mailing.
- AVS fees: These fees, while necessary, should only amount to about $0.01 per transaction. If this cost is inflated, call your provider.
The provider may have a lengthy list of fees, but a reputable business will take the time to help you understand what you’re paying for. While you may not be able to talk down every fee, you should at least have the sense that the charges are fair.
Some credit card fees may sound legitimate but are really just a bogus way to collect extra money. We see pointless fees as a warning sign: If the provider is willing to make a flimsy excuse to grab a few bucks, they may be performing other shady business practices, too. Tread carefully when you see a provider charging the following:
- PCI fee: If you’re not PCI DSS compliant, your provider should offer you tools to remedy that, not slap you with a fine.
- Auto-renewals and early termination fees: Providers that deliver high-quality service don’t need to make it painful to switch providers, because you prefer working with them anyway.
- Non-Qualified Interchange fee: This is a completely bogus fee. IC-plus plans don’t have a non-qualified tier. This fake fee combines terminology you’d recognize from different plans, but it doesn’t really make sense.
- Next-day funding fee: This is standard practice, and you shouldn’t have to pay extra for it.
- Tax reporting fee: The provider is legally obliged to report taxes, so again, there shouldn’t be any cost to you.
- Excessive downgrades: A Tiered plan that dings you for small, easily correctable issues is more interested in nitpicking you into more expensive processing than providing quality service.
3 Sneaky Ways Your Rates May Fluctuate
As we’ve already discussed, not all card transactions are alike. Furthermore, you may see your rates change even when the monthly processing volume remains steady. What gives? It turns out that the ratio of the transactions you take impacts your costs just as much as the volume does.
- Card present vs. card-not-present transactions: Card-not-present transactions, like online and phone transactions, are more expensive because the risk of fraud is higher. So if your ratio of card-not-present transactions goes up, so will your rates.
- Credit card brands: Amex charges higher transaction rates than other credit card issuers like Visa, MasterCard and Discover. Those rates get passed through to you, so the more Amex you process, the higher your rates.
- Debit vs. rewards cards: Cardholders earning cash-back rewards rarely think about where that money is coming from. Merchants know that rewards cards cost more to process. Debit cards, meanwhile, carry a rate of only $0.22 plus 0.05%, making them the cheapest cards to process. Your monthly percentage of debit vs. rewards card transactions can cause your bill to fluctuate.
Which Pricing Model Is Best for Your Business?
The three most common structures for credit card processing play a major role in how transparent and cost-effective your billing statement is.
- Flat Rate: Payment Facilitators like PayPal and Square offer Flat pricing because your business, and all others using the service, essentially borrow the Payment Facilitator’s merchant account. The fixed flat rate isn’t regulated, and you can expect it to be set to cover the cost of more expensive transactions, so you’ll pay higher processing fees on less expensive transactions, like debit cards. The benefit is that Flat pricing is simple to understand and easy to set up, which can appeal to new businesses that don’t process high volumes of credit card sales.
- Tiered: In this pricing model, transactions are bundled into three tiers based on risk and reward. The Qualified tier is for low-risk, low-cost transactions. With greater risk and reward (which impacts Interchange costs), Mid-Qualified and finally Non-Qualified come into play. Like Flat Rate pricing, Tiered pricing is not regulated. It’s simple to understand, and if you’re in a favorable tier, you may receive a pricing advantage over Flat Rate plans. But this setup also makes it easy for providers to bury fees, and you can be downgraded to a more expensive tier for breaking any of the requirements for the more qualified tiers. Again, the tiers aren’t regulated, so it’s hard to tell if you’ve broken any rules to deserve a downgrade.
- IC-plus: This type of plan is the most likely to get you the lowest credit card processing fees and offers the most transparency. As the name indicates, the pricing is based on the Interchange cost plus the provider’s markup. Unlike the other two models, IC-plus keeps the markup rate consistent for each transaction. The downside? Transparency means your billing statement will be more complicated, because it will outline all the different IC rates, markups, and fees you’re paying. Still, for many businesses, the benefits of true insight into what they’re paying the provider versus the credit card company outweigh the drawbacks of a more involved statement. For high-processing businesses, it’s crucial to pocket the savings on low-cost transactions, making this plan the most advantageous.
Overall, IC-plus is the way to go in terms of both pricing and transparency. Other models may be more convenient for businesses just starting out, but the best value in the long run is with a provider that offers IC-plus credit card processing with a low, fair markup.
Your Checklist for Smartly Comparing Providers
- Ask for a sample billing statement: Take a look and see if you can spot any unethical or questionable fees. The complexity of the billing statement is a good way to judge how complicated or straightforward the provider truly is.
- Schedule a call with a representative: Use a sample billing statement to ask pointed questions of the provider. Going through the features and fees one by one with a representative can help you to establish trust and understanding with your provider from the get-go, or to spot an unethical provider, depending on the answers you receive.
- Negotiate: Monthly fees, Payment Gateway fees, statement fees and AVS, if it’s over $0.01 per transaction on the sample statement, are great fees to try to lower.
- Review your contract: Make sure there is no exit clause or stipulated term length. Look for month-to-month providers so you always have the opportunity to switch to a provider who has your best interests at heart or can meet your changing needs.
- Repeat: Choosing the right merchant services is a big decision, and switching providers can be difficult if auto-renew clauses or termination fees are involved. Be smart and go through this process with a few promising providers before settling on any particular one.
Choosing and Utilizing Processing Software
There is software available for just about everything in today's marketplace. And payment processing software that can enable your business to move online and access dozens of beneficial features is no exception.
In this chapter, we’ll outline the top things to look for when comparing online payment services and how the credit card processing software you use will help your organization efficiently and securely accept payments.
Payment Processing Software Explained
Credit card processing software is commonly referred to as a Virtual Terminal. As the name suggests, a Virtual Terminal is much like a POS machine except it’s online. Gone are the days of relying on paper receipts to maintain your business’s transaction records. With a Virtual Terminal, you can access that data online anytime.
There’s something tricky that’s worth noting here: Most credit card terminals that connect to online payment services use middleware. This type of software increases your risk of fraud and liability because middleware brings your business within PCI scope. By avoiding middleware, you reduce your PCI scope and your risk of fraud and liability. We’ll dive deep into what PCI means, who it impacts, and why you want that impact limited later in this guide. But it’s worth noting now that any terminal you’re looking to connect with payment processing software should not contain middleware.
Best Online Payment System: Features
Assuming that you want to go digital and find a provider that can help you both record your transaction histories online and store individual, signed receipts, you’re ready to consider other capabilities of credit card processing software.
The best online payment processing provider will offer the following features to make its customers’ lives easier:
PCI Level 1 Security
First things first, it doesn’t make sense to engage with online payment services that aren’t secure. If you’re going to store your data (and your customers’ data) online, confidence in your data's security is crucial. This can mean the difference between returning customers who trust your business and lost customers and a damaged reputation.
Go with a PCI Level 1 provider and settle for nothing less. Even better, go with one that has a proven long-term record of adhering to the strictest requirements of the Payment Card Industry Data Security Standard. This will give you peace of mind that you’re trusting a provider that is dedicated to your security and that of your customers.
You may already be using software that reduces your reliance on paper. If you manage a medical office, this could be an electronic medical records service. For auto dealerships, it could be a dealership management system. These softwares help reduce your reliance on paper and help you move to the cloud, but they can’t do everything.
Your transaction receipts are a large part of your business maintenance. Your cashiers must keep track of receipts, and if you operate a multi-location business, you may have to rely on courier services to transport all those receipts to a centralized location to be reviewed, boxed and eventually stored off-site.
With the best online payment system, you can then search for a transaction from within the Virtual Terminal by typing in the cardholder’s name, transaction date, amount, etc.
Now, you may be wondering about your customers’ signatures. After all, you need to print a receipt to capture a signature, right?
Not necessarily. Credit card terminals that feature an electronic signature pad are increasingly common. Digital signatures carry the same legal legitimacy as printed ones in the United States. With a terminal that captures digital signatures and stores them in the cloud, you can keep a record of each transaction along with a signature in the event of a chargeback dispute. No need to maintain and store physical boxes of receipts for years on end.
Cards on File
With a PCI Level 1 provider, you can move forward with the best online payment service out there: customer cards stored on file.
When seeking the best online credit card processing, look for one that tokenizes your cardholder data. This ensures that no one can access or decrypt the true cardholder data (including anyone from your business). The only party who can make sense of the token — a randomly generated string of characters that has no value if breached — is the final provider in the transaction: the Payment Processor.
With security in place, you can accomplish so much by maintaining cards on file. For one, it enables efficient and convenient handling of transaction edits, voids and refunds. You no longer have to trouble your customers to come in for a transaction adjustment. Additionally, storing cards on file provides a boutique experience. Your customers will feel like family, with the effort to pay minimized to the click of your finger on a mouse.
Better still: Select a credit card processing software that can accept ACH e-checks. This will broaden your accepted payment types, result in fewer trips to the bank to deposit checks and increase cash flow. ACH can help include customers who don’t have a credit or debit card, or simply prefer flexibility with their payments. For businesses with high transaction values, like veterinary or medical clinics, this is even more critical.
With cards on file, the best online payment system will let you take things a step further to recharge customers on a recurring schedule. This is fantastic if you operate a business with subscription payments, installments, memberships or payment plans. Instead of your team manually following-up with customers to obtain payment, it’s automated.
If recurring billing is available in the payment processing software, ask if you’ll be notified of delinquents in a way that makes following-up easy for your team.
The best online payment processing provider will help you do more in less time. Take your sales reports for instance. With transaction histories stored in the cloud, you should theoretically be able to obtain automated sales reports showing how your business is trending over time, this month, year-over-year, etc.
These types of reports usually take painstaking diligence in Excel and are subject to human error. With a system that can automate this, you can keep a finger on your business’s pulse more accurately while gaining a viewpoint over multiple comparisons and time frames that you simply wouldn’t be able to maintain on your own.
Automatic Batching and Deposits
In the same vein, the best online credit card processing software makes tedious tasks like deposit reconciliation a thing of the past. This may not happen to you often (if you’re lucky), but a discrepancy in your deposit and batch totals can lead to a long guessing game that may prove fruitless.
For big businesses, you may need a full-time accounts receivable employee who focuses solely on balancing your deposits. Reasons for discrepancies can include Amex fees, chargebacks and miscellaneous payment processing costs.
Because you’re using online payment services, everything should be digitized. Instead of printed batch receipts that you can only access once, you have access to automated batch reports in the cloud. Pair these with a deposit report that shows on a daily basis what debits were taken for Amex, which are chargebacks, and so on, and you have a winning payment processing software.
User Access and Customization
These attractive features aside, flexibility is what will make the best online payment processing provider stand out.
Your business is unique. You may manage a large staff and want to keep tabs on what they can access and do in a Virtual Terminal. You may manage multiple locations and want to see sales separated by department or location as well as merged for an overall perspective. You may want to view all this under one login.
Selecting a payment processing software that allows you to restrict users as needed to certain functionality and visibility, as well as customize transaction fields is highly recommended. Some use cases may include restricting certain users from issuing refunds and accessing reports as well as ensuring that every keyed-in transaction runs AVS.
Credit Card Processing Software Unique Finds
There are two additional features we’ll cover that really define the best online payment system: remote signature capture and hosted online payments. These are unique and are only offered by limited providers.
These features are relevant for e-commerce businesses (which we’ll dive into in chapter 9) as well as businesses that take payments over the phone. With remote signature capture, you can charge customers over the phone and email them a digital receipt to sign with their mouse or their finger. At this time, PayJunction is the only software provider that offers this. Meanwhile, hosted payments allow any business to add payment processing functionality, such as a shopping cart, to its website with a simple HTML-generated button.
Again, partnering with a PCI Level 1 provider is critical, as a hosted payment setup redirects your customers from your website to the provider’s online payment service to handle the transaction. This makes it effortless to start accepting online payments, which can reduce your accounts receivable and drive up customer satisfaction. Who doesn’t like to pay bills from the convenience of their couch?
To sum up, the best payment processing provider will enable you to go digital with your payments. This can open a host of amazing features that will boost efficiency for your cashier and management team. Your company will get more done in less time and save money with these improvements, making the investment in payment processing software well worth it.
Comparing the Features Between Merchant Service Providers
Running a business is far from easy. Sometimes it can feel like a “two steps forward, one step back” process. You’ve done your homework, and you know accepting credit and debit card transactions can attract customers who prefer plastic. Still, the cost of credit card processing services and the risk of chargebacks can make business owners nostalgic for the cash-only days.
Your best bet is to start out strong with a Merchant Service Provider that minimizes your security risk and charges you the best rates for excellent service. In this chapter, we’ll give you the tools you need to find and then evaluate the best credit card processing companies on the market.
How to Compare Credit Card Processing Companies
You’ll find a lot of options out there when you’re researching the best credit card processing fit for your business. Your business size, your transaction volume and where most of your sales come from can affect your needs, but the following factors are essential to compare for almost any business:
- Setup time and effort: You’ll want to get any equipment and software set up as promptly and simply as possible, so you can focus on the fun part: boosting sales and growing your business.
- Rate structure and fees: Interchange-plus plans have the most transparent pricing and the best rate structure on the market. Tiered plans from a reputable provider are another option that some business owners prefer. Reviewing fees can help you separate reputable providers from less-savory competitors.
- Modern technology: Even if you don’t currently have a virtual storefront, who’s to say you won’t want e-commerce or mobile payment processing capability in times to come? Using up-to-date technology enables you to be more flexible in how you continue to grow and connect with customers. You can also store data more securely in the cloud, generate batch reports automatically, and pull up information about different departments or branches from a centralized system.
- Accepted payment types: Have you ever seen a note taped over a register letting you know the business doesn’t accept the card brand you were about to use? For a customer, payment restrictions can sour the end of a store visit. As a business owner, you don’t want to limit the transactions you can authorize. Make sure all major credit and debit cards are included before signing on with a credit card processing company.
- Proper underwriting: Payment Facilitators do not underwrite their customers and, instead, provide one shared merchant account to all of their users. While this provides a low barrier to entry, improper underwriting can result in held funds on high-ticket transactions.
Payment Processing Services Checklist
Once you’ve narrowed your potential partners to a credit card processing company shortlist that meets basic standards on technology and pricing, it’s time to ask for more details. The best company for you will have services in place that cater to your specific approach to doing business. Here are a few offerings that might interest you:
- Alternative payment types: Does the technology enable near-field communication (NFC) to accept digital wallet payments? What about ACH electronic checks?
- Customer support: The right Merchant Service Provider or Payment Facilitator is responsive and helpful. Look for educational services and resources (ideally at little or no additional fee) and a helpline with real people who will handle your issues promptly.
- Contract term length: This is a bit of a trick question, because we actually recommend a provider that won’t lock you into any particular term length. Month-to-month service protects your flexibility and keeps you from losing money on early termination fees if you decide you want to end the relationship.
- Next-day funding: It seems like a no-brainer that when you make a sale, earning yourself profits for your business, you should be able to access your own money right away. Several major credit card processing companies, however, make customers wait three to five days to access their own funds, or charge a fee to receive funds the next day.
Payment Processing Companies: Choose the Right One
Comparing features, price and service offerings will tell you a lot about the providers you’re considering. Contacting the top companies on your list directly and getting personalized information, though, can really set the right provider apart.
Following these best practices will help you find the ultimate credit card processing solution for you:
- Get quotes from multiple payment processing companies: For many businesses, the bottom line is one of the top considerations. After all, accepting credit and debit transactions should be increasing your revenue. Comparing offers helps ensure that more of your profits end up in your account, where they belong. Refer back to the checklist in chapter 4 for a list of tips when vetting providers.
- Have your info ready: Details about your business’s size, processing volume and average sale amount can help companies give you a personalized quote. Some credit card processing companies charge a monthly fee, whereas others may have a slightly higher transaction rate but no fee. Your processing volume can impact which fee structures give you the best value.
- Ask about support services: Especially for smaller businesses, the payment processing company can become almost an unofficial business partner. It may be able to teach you about PCI compliance or equip you with fast EMV or other security improvements. Reducing your company’s risk of fraudulent transactions or data hacks can be a major benefit of working with the right provider.
- Think about your business: Do you only operate a retail location? What about several locations? Do you accept online payments? If so, you’ll need a Payment Gateway and a shopping cart. Think long and hard about where you see your business growing (or just be realistic about where you’re at today). If you’ll need the means to accept online payments, this will greatly impact how you compare potential providers. A Merchant Service Provider that also offers Payment Gateway services will likely result in no Payment Gateway fee along with the perks of streamlined service. Additionally, a provider with ample shopping cart integrations will mean that you can theoretically turn to one provider to have both your online and your in-store needs met. We’ll touch more on the topic of e-commerce in chapter 9.
Understanding Data Security and PCI Compliance
We cannot stress enough how important security is in any credit card related endeavor. A data breach can rob your business of trust and customers. With major breaches at Home Depot and Target in recent years, cardholder privacy is increasingly on consumers’ minds. And unless you’re a major retailer like Home Depot or Target, a data breach could spell the end of your business.
So, how important is security in payment processing? Hackers know where to get access to a large volume of credit card data and banking information. This is why ATMs, banks and even credit card processing companies are often under siege by scammers attempting to hack into their systems. Armed with this knowledge, it’s clear why every payment provider you work with must do everything in its power to protect your customers’ data.
What makes a payment processing provider secure? The card brands (Visa, MasterCard, Discover and Amex) manage the Payment Card Industry Data Security Standards (PCI DSS). Any business or organization that processes, stores or transmits cardholder data is subject to PCI requirements, which means that they’re within PCI scope.
Now, you may be thinking, “I accept credit cards at my business, but I’m not doing anything to be PCI secure!” or, “I’m looking to accept credit cards, but I’m scared of the burden this raises.” Yes, there is a responsibility that comes with swiping a piece of plastic. That’s because of the attention hackers place on businesses, providers and banks. And there are consequences of non-compliance: Your business can be fined $90 per compromised card and lose its merchant account if chargebacks exceed 1 to 2 percent. Losing your merchant account means you’ll no longer be able to accept credit card payments.
Accepting Credit Card Payments Online: Security Tips for Merchants
All is not hopeless, though. There is plenty you can do to demonstrate your due diligence and be a smart business owner when it comes to security. We’ll start with technical considerations when selecting a credit card payment software, followed by day-to-day tactics you can implement to fortify your security.
If you want a credit card payment software that features cards stored on file, you’ll want to evaluate the method of data encryption. Two popular forms are point-to-point encryption (P2Pe) and tokenization. P2Pe masks data, which can be decrypted to show the exact values. In contrast, tokenization replaces sensitive data with a unique token (e.g., EO5L-X03K-S2LX-79BQ) that has no value if breached. The token is randomly generated and can only be decrypted by the Payment Processor — the last provider to handle the transaction.
Tokenization is preferable for these reasons. You’ll want all your providers to be PCI Level 1 compliant, but tokenization helps safeguard your business from security holes throughout the transaction process.
There are two types of software: native and software as a service (SaaS). You’ll need one of these to connect your card reader with your POS system. With SaaS-based credit card payment software, your credit card terminal connects directly through the Internet. With native software, an additional program is installed on your computer. This additional software, known as middleware, puts your business within PCI scope because your computer and network interact with cardholder data.
Middleware slows down credit card processing by adding more software into the mix. Furthermore, being within PCI scope opens your business up to the following:
- Annual PCI audits to evaluate systems and check for security vulnerabilities
- Potential quarterly scans on security systems that store cardholder data
Getting your business PCI compliant can be very expensive.³ Costs can reach into the tens of thousands for merchants to achieve Level 1 compliance. And because compliance is assessed annually, you’d be subject to paying these costs on an ongoing basis.
The best thing you can do is avoid PCI scope from the start by opting for a SaaS-based solution. Because no native software is installed on your equipment, payments are processed directly by your provider, without interfering with your network or computer.
Ways to Prevent a Security or Data Breach
Here are six tactics you can implement to improve your security:
Run AVS and CVV
If you accept over-the-phone or online transactions, AVS and CVV are a must. AVS, the Address Verification System, confirms a cardholder’s identity remotely by asking for the address associated with the credit card. Card Verification Value confirms that the cardholder has physical possession of the card by requesting the three-digit code on the back of a Visa, MasterCard or Discover credit card or the four-digit code on the front of an Amex card.
AVS results in lower card-not-present rates. As a reminder: Interchange, the wholesale cost to run a transaction, goes up with risk and reward. Because AVS mitigates risk, the Interchange rate drops when it is implemented.
Pro tip: If a transaction results in an AVS mismatch — the address provided does not match the one on file — make it a business policy not to move forward with that transaction. While you may want to gain a sale, you could pay up to 64 percent more in Interchange rates. A failed AVS match will result in a downgraded transaction if approved.
Stop Swiping Chip Cards
Chip cards are intended to be more secure. Following a sharp drop in fraud across the globe, the United States began adopting this technology in 2012. Chip cards generate a one-time code every time they’re inserted into a chip card reader. This provides a more secure form of authentication. By swiping these cards, you’re losing out on the security benefits.
Chip cards aren’t going away, and chip and PIN is expected to be the new norm shortly. If you’re still swiping chip cards due to old equipment or equipment that isn’t EMV certified, it’s time to update your equipment. This will secure each one of your chip card transactions. Additionally, it will protect you from bank-initiated chargebacks. These types of chargebacks are instigated by cardholders’ issuing banks to encourage the adoption of EMV technologies. A signed receipt does not protect you from this type of chargeback.
Update Your Passwords
It’s against PCI guidelines to use shared passwords. Have each of your employees create a unique login for all computers, payment processing software and sensitive data. This helps business owners maintain accountability among staff as well as limit certain users’ access if needed.
Screen Your Emails for Phishing Attacks
Hackers are becoming increasingly creative with phishing emails. With the intent to obtain sensitive information (i.e., usernames, passwords and credit card information), these emails disguise hackers as a trustworthy contact prompting you to click a link that can lead to the installation of malware. Hackers may impersonate other employees or management at a targeted company to obtain their sensitive data.
If an email looks suspicious, we recommend dissecting it carefully to confirm the sender. Hard-to-detect phishing emails usually come from an address that looks almost identical to a contact of yours, but off by one character or from a different email domain.
Pick up the phone and call the supposed sender to confirm that he actually sent you the email. If the email is asking you to click on a link or fill out a form, double check before doing so. If you complete the action requested and it’s a phishing attack, there’s no turning back. If you confirm that the email is a phishing attack (or suspect as much) delete the email twice: once from your inbox and again from your trash folder.
Run Updated Software
Make sure you take advantage of all system updates as your applications release new versions. This includes your browser, your payment processing software and your operating system. Your card reader should also be programmed to meet certain best security practices.
You can lower your rates and prevent unnecessary downgrades by ensuring your card reader is current with the latest PCI-related security protocols. Lack of attention to this could be a sign that your provider is not as secure or as helpful as it should be.
Monitor Your Devices
Get into the habit of examining your devices for signs of tampering. Check for the following on a regular basis:
- Objects attached to the front or back of card swiper slots
- Scratches on the plastic covering or connection ports
- Items plugged into ports, which may be small USB drives
You’ll also want to label and inventory all POS equipment you use. Make a checklist of these items and of aspects of your POS hardware to monitor. Then, make it a habit every two to four weeks to check in on these devices. Train your team how to spot suspicious activity so that each member can do his or her part to help prevent a data breach.
How Is PayJunction More Secure Than Others?
It can be daunting to read a lengthy list of security best practices such as this one. Luckily, PayJunction streamlines your payment security in the following ways:
- PayJunction is PCI Level 1 compliant. Even better, PayJunction has been PCI Level 1 compliant since its inception. This demonstrates our continued commitment to merchant processing security.
- The Smart Terminal lacks middleware. PayJunction’s POS reader is SaaS-based, meaning you never process, store or transmit cardholder data.
- PayJunction uniquely protects card-not-present transactions. PayJunction is the only provider to offer remote signature capture. This innovative technology enables businesses to conveniently obtain signatures for card-not-present transactions, such as online and phone payments.
- PayJunction uses tokenization and maintains up-to-date technology. All cardholder data is tokenized in PayJunction’s software, allowing for cards stored on file, recurring billing, one-click refunds, voids and transaction editing. With always-updated terminal technology, you get the best rates and meet current PCI guidelines.
PayJunction undergoes annual audits to maintain its PCI Level 1 status. This requires the verification of an independent auditor who visits all of our facilities and tests our systems to identify weaknesses and vulnerabilities. As an added measure, we enlist the help of another third-party security firm to run its own penetration tests. Separate audits occur for each one of the card brands.
Although all cardholder information is encrypted, we implement numerous safety measures — ranging from security cameras to badged entry and exit from our facilities — to ensure our data is protected. We undergo annual audits to stay up to date with the newest standards and technologies available.
It’s easy to check whether a provider is PCI compliant. Simply visit the Visa Global Registry of Service Providers page⁴ and type in the provider’s name to see whether it’s PCI compliant and when its annual validation expires. If your provider is not listed, look for a new provider that demonstrates a history of secure payment processing.
Payment Processing Mistakes to Avoid
Paying with a credit card is simpler for many customers, but for business owners, it can be a nightmare. We can sympathize with the headaches payment processing can cause, because we’ve spent almost two decades developing our expertise in the payment space and trying to improve it.
We work to stay on top of new developments in payment processing, so we can help you stay up to date and solve common issues you may face when processing credit card transactions.
Common Credit Processing Pitfalls
The first step is understanding what challenges you’re most likely to face so you can prevent them before they become a problem. Do any of these payment processing pitfalls sound familiar?
- Declined transactions
- Lack of compliance
- Card-present fraud
- Card-not-present fraud
- Merchant account holds or freezes
- Merchant account termination
- Transaction charges
- Credit card surcharges
If so, you’re not alone. These pain points make it harder for business owners to maximize their profits and keep sales running smoothly. We’d like to help solve some of these challenges for you. Let’s jump in by tackling one of the top credit processing problems business owners dread: the chargeback.
What Is a Chargeback?
Credit card chargebacks are frustrating because you’re literally paying for someone else’s crime. Chargebacks are a consumer protection service against credit card fraud. If a fraudulent transaction clears, consumers are anxious to get their funds back and protect their information. But if the goods are already in the fraudster’s hands, who eats the cost?
It can frequently be the business that charged the credit card.
Understanding the chargeback process is key to winning chargebacks when possible. Here’s what happens:
- Your business processes a credit transaction. You might not realize at the time that the transaction is questionable or even fraudulent. The card may be stolen or used by an unauthorized party (even a cardholder’s friend or family member). Or, in cases of “friendly fraud,” the transaction is perfectly fine, but the customer doesn’t recognize the purchase once his or her credit card statement arrives.
- The customer doesn’t recognize a charge on the statement and files a dispute. The bank that issued the credit card typically allows a certain window of time to dispute a transaction.
- The issuing bank investigates the dispute with the relevant card network.
- If the dispute seems legitimate, the issuing bank reimburses the customer, and reaches out to your bank (the acquiring bank) to tell it about the dispute.
- The acquiring bank passes the charge to you, withdrawing funds from your account. This is the first you’ll hear about the chargeback, even though the transaction may have been processed weeks ago.
- You can choose to fight the chargeback. Showing a customer’s signature, verifying that you took fraud-prevention measures like AVS or CVV or demonstrating documentation of similar transactions can make a case that the charge was legitimate. If you win, the banks take the funds back from the consumer and deposit them into your account. If you cannot present compelling evidence, you can face arbitration and ultimately be left to absorb that cost.
“Friendly fraud” chargebacks are the ones you stand a chance to win, because the transaction really was legitimate. We’ll outline how to make your best case against a chargeback.
Avoiding Credit Card Chargebacks
As you may imagine, avoiding credit card chargebacks in the first place is far preferable to dealing with the complicated, risky process of fighting back against disputes. Having a chargeback rate of over 1 percent can even jeopardize your merchant account, so minimizing their occurrence is a must. The following practices can help prevent fraud, and provide you with evidence to counter “friendly fraud” disputes:
- Capture signatures for every transaction. Even with signatures no longer required for payment acknowledgment, adding in refund policies, warranties, terms — and still getting a signature — will help fight chargebacks.
- Use a Virtual Terminal that can locate specific transactions and customer signatures quickly.
- Make sure your provider is EMV-certified.
- Train staff to direct customers to insert chip cards when possible rather than swipe the magnetic strip.
- Use AVS and CVV for card-not-present transactions.
- Keep proof of delivery if the product is shipped.
- Stay on top of new card association developments.
Strong fraud-prevention practices can solve multiple problems at once. Verifying transactions as they happen and updating your technology to accommodate EMV can reduce confusion, solve compliance issues and minimize the risk of card-present fraud. Better to have a declined transaction in the moment than deal with the headache of a fraudulent transaction later.
Preventing Card-Present Fraud
Any business, no matter how large and well-established, can potentially find itself at risk of a devastating data breach. Remember Target’s Black Friday security breach in 2013, which compromised over 70 million consumers’ data? A malicious hack into your system could mean serious trouble for your business.
Many articles about credit card fraud concentrate on online transactions. Admittedly, card-not-present transactions are riskier than card-present transactions, but neither is fraud-proof. These steps protect your in-person sales:
- Use EMV compliant hardware. Many providers incorrectly advertise their credit card readers as being EMV compliant. Failing to properly process EMV payments with an EMV-certified device will result in EMV fallback and potential bank-initiated chargebacks. These chargebacks are designed to punish businesses for not properly processing these payments and have nothing to do with fraud or your customers.
- Select POS hardware and software with care. Scammers may try to attach a card skimmer to your machine or use malware to compromise your system. Ask your credit card processing provider about features that minimize the risk of these hard-to-detect hacking attempts, avoid middleware as previously stated and commit to these best practices for securing your POS terminal.
- Treat PCI compliance as an ongoing process, not a one-time task. Encrypting data, running anti-virus or other security measures and regularly testing your networks helps keep your security practices robust.
- Be wary about keyed transactions. A card that won’t scan is a warning sign of a counterfeit or tampered card. Keyed transactions are also more expensive, and some Merchant Service Providers will put a hold or freeze on your account if they see too many.
- Collect those signatures. We really can’t stress this enough. Card networks won’t always require a signature for smaller transactions, but this personalized authorization is a critical step in protecting you and the consumer against incorrect chargebacks and fraud.
A huge corporation like Target can ride out a massive data breach, but a small business may not have the resources to survive a devastating data security failure. You want your POS hardware, software and business practices to operate together to maximize security and reduce risk.
Understanding Credit Card and Transaction Surcharges
Merchants deal with a lot of fees surrounding credit card processing. One important victory for merchants was getting Card Associations to change certain guidelines, clearing the way for merchants to add surcharges of up to 4% to offset a transaction fee. Before you pass this charge along to the consumer, you still need to check whether you can and consider whether you should.
According to the National Conference of State Legislatures,⁵ 11 states don’t permit credit card surcharges. If you’re in a state that does allow them, you’ll still need to follow strict requirements. You must notify the Card Association at least 30 days in advance, follow rules on posting the information for the cardholder and adhere to rules about exactly how much you can charge. It’s a complicated process.
Surcharging is also a potential turnoff for some customers, so you need to ask yourself whether passing along the charge is worth the risk of customers taking their business elsewhere. If you do decide surcharging is a worthwhile strategy, make sure your POS system can comply with receipt requirements.
Merchant Account Pain Points
Your merchant account is theoretically the service that allows you to process credit and debit transactions. If you’ve had to deal with holds, freezes or warnings about termination, you’ve got a serious problem to solve in your payment processing.
Start by taking a hard look at your own business operations. If your transaction records have too many questionable entries, the merchant account holds or freezes are the least of your worries right now. Remember: Data security and fraud prevention are your top priority.
If you’ve reviewed your business practices and can’t find any red flags, contact your provider. Either you’ll learn about an important blind spot, or you’ll learn that this provider might be unnecessarily punitive and not the best fit for you. If a Merchant Service Provider is quick to impose fines or holds, and slow to respond with solutions to improve your credit processing practices, find a better provider that will partner with you to get your registers up and running again.
Accepting Payments Online
While we’ve waited to introduce e-commerce until later in this guide, it’s worth noting that there are over 1 million U.S.-based e-commerce businesses, according to some estimates.⁶ Among those, up to 30 percent are strictly e-commerce businesses, with no physical storefront.
So, while a number of businesses eventually develop an online presence, e-commerce is the start of the journey for many. We’ll explore how in-store and online payment processing compare along with the inner workings of how e-commerce operates and tips for becoming a pro.
Before we begin, here’s a recap of the key players that enable online payments:
- Payment Gateway: Systems that facilitate the transfer of information between a payment portal and a processor, making it easier to process both online and in-person transactions.
- Shopping Cart: Software that allows website visitors to select items for purchase, place them in a cart, and securely checkout.
- Payment Processor: The technical glue that handles the transmission of transactions. Processors maintain the computer network that facilitates communications between a business’s Merchant Account Provider and the banks.
- Merchant Account: An intermediary bank account that facilitates the transfer of funds between a business’s Merchant Service Provider and its depository bank account.
In-Store vs. Online Payment Processing Comparison
When a customer makes an in-store person purchase the following six-steps occur:
- The cardholder initiates a credit card authorization request by swiping, keying-in or dipping his debit or credit card into the Merchant Service Provider’s system.
- The Merchant Service Provider relays the transaction information to the Payment Processor.
- The Payment Processor, acting as the technical glue, pushes the transaction to the Card Association’s network.
- The acquiring bank confirms with the issuing bank via the Card Association’s network whether the funds or credit is available. This ultimately determines whether the provider will approve or decline the transaction.
- The acquiring bank communicates the information back to the Merchant Service Provider by way of the Payment Processor.
- An approval or decline code is issued. If declined, the transaction will fail. If approved, the transaction will process, and the Card Association network will transfer the funds from the issuing bank to the business’s depository bank account.
Accepting payments online involves a few similar steps with different providers:
- The customer types the payment information into an online shopping cart and indicates the desire to complete the purchase. The data is encrypted and sent off.
- The encrypted data is sent to the provider’s Payment Gateway, then to its Payment Processor.
- The processor sends the transaction to the appropriate Card Association and an Interchange rate is assessed for the transaction. Due to the higher risk of fraud for card-not-present transactions, the Interchange rate is higher for this kind of payment.
- The transaction is approved or denied based on the presence or lack of funds.
- If sufficient funds are present, the transaction is authorized. The customer’s issuing bank transmits the authorization to the Card Association network and then the merchant. The Payment Gateway provides confirmation to the e-commerce site or shopping cart.
Although these steps take a matter of seconds, the transaction will sit as “pending” for 24 to 48 hours before the funds leave the customer’s credit card and are deposited into the merchant account.
As you can see, Payment Gateways relay an approval or decline for online transactions. Accepting online payments requires that you have an online presence in the form of a website or digital store. Next, you need a shopping cart or hosted checkout option to facilitate the payment. And lastly, you need a Payment Gateway. So, how should you go about evaluating and selecting a partner for these solutions?
Evaluating Online Payment Services
When it comes to having an online presence, there’s no reason to wait. The Internet and social media are here to stay, and not having an online presence means you could appear less reputable and less legitimate. With an online presence, you can more easily drive foot traffic to your retail location, expose yourself to a global audience, appear in online results when customers evaluate comparable services and solicit powerful customer feedback.
That said, many businesses have websites but haven’t taken the extra steps to monetize them. Some reasons to create an online shopping experience include the low overhead involved, easy setup, visitor retargeting, customer convenience and legitimacy for your business. After all, you want to be present and able to fulfill customer requests when they’re reading product reviews and comparing prices. Their interest to buy may wane if they have to drive to your business. And if you aren’t local, then your prospective customers have no choice but to go with your digital competitors.
With the benefits clearly laid out, how do you get up and running fast? Luckily, there are a host of intuitive, easy-to-use and comprehensive online shopping carts. A few we recommend include Ecwid, 3dcart, CS-Cart, JigoShop and Jotform.
These ready-to-use shopping cart services offer plenty of features to get started and customize your store to your needs and preferences. With that step complete, you will now need to consider your Payment Gateway. Every online shopping cart has a partner Payment Gateway that it works with.
We recommend looking for the following when selecting a Payment Gateway:
- All-in-one service
- Card-present and card-not-present capabilities
- No Payment Gateway fee
- Month-to-month service
E-Commerce Payment Processing Best Practices
It may seem overwhelming to juggle all of the different (but necessary) providers, but there are tricks to streamline the process that make it not only easier but also more efficient. When we say “all-in-one service,” we mean that the best Payment Gateway for your business is also a Merchant Service Provider.
Selecting an all-in-one provider allows you to consolidate to just one provider for your in-store and e-commerce transactions. Even if you’re only doing online sales, it’s smart to consolidate now as it will still eliminate your separate Payment Gateway bill. The best way to ensure you have the leanest setup is by evaluating all-in-one providers, then researching their integrated shopping cart partners, selecting one that works well for your business and signing up.
If you don’t want to involve a third-party shopping cart, some all-in-one providers also have a hosted checkout option. With this option, your customers click the checkout button on your site and are redirected to the checkout screen, which is hosted by your provider. No third-party shopping cart is involved. This setup is ideal for businesses that don’t have significant specifications and can make do with a more basic solution.
Once you’ve selected your preferred partners, there are steps you can take daily to run your transactions securely. Because e-commerce transactions are riskier, we always recommend using AVS and CVV to secure these transactions. Address Verification System (AVS) validates that the cardholder knows the billing address associated with the card. Card Verification Value (CVV) is the three-digit number on the back of MasterCard, Discover and Visa cards or the four-digit number on the front of Amex cards; by providing it, the cardholder proves that he has physical possession of the card. You can make these fields required in your checkout experience. We recommend not authorizing transactions with a failed AVS or CVV, as these are signs of fraud and these transactions will be downgraded if you authorize them. For AVS, you can take things a step further by requiring that both the address and the ZIP code match bank records.
Improving the Customer Shopping Experience
Just as a poor customer experience can send retail customers running, a poor user experience can lead to shopping cart abandonment. This is when an online customer adds items to his or her shopping cart but fails to complete the purchase. Shopping cart abandonment is often a result of an unintuitive checkout process or technical issues that prevent the transaction from being approved.
To provide a confusion-free checkout experience, we recommend going with an established third-party shopping cart option. These solutions are built to combat abandonment by design and sometimes come with tools like retargeting that help you follow-up with potential customers about the items still left in their queues.
The Future of Online Payments and E-commerce
The concept of exchanging something for goods and services has been around since the dawn of civilization. We’ve come a long way, but the future of payment processing holds even more changes. In this chapter, we’ll discuss some of the biggest trends and let you know how to keep up with the times.
How Millennials (And More) Are Shaping Payments
Millennials still attract a lot of media coverage, and for good reason. They represent over $170 billion in purchasing power.⁷ But considering millennials’ needs isn’t an innovative business practice anymore — or even an optional one. After all, most people in this generation are in their late 20s to mid-30s. Forward-thinking business owners are planning ahead for Gen Z.
Both millennial and Gen Z consumers appreciate the convenience of digital banking and shopping. They’re fans of a multi-channel approach to shopping, engaging in a mix of social media and online research as well as in-person store visits. But there are also important differences between the generations.
A report by Javelin pointed out that Gen Z grew up with smartphones as a standard accessory,⁸ rather than witnessing the technology emerge, as millennials did. It should therefore come as no surprise that Gen Zers are twice as likely as millennials⁹ to use mobile wallets and person-to-person payment services (such as Venmo).
What that means for business owners is that mobile payments may only be a “nice to have” feature for so long — it may become a necessity. In 2017, Gen Zers used credit cards to make purchases half as often as millennials. About half of Gen Z members don’t plan to apply for a credit card at all,¹⁰ possibly scared off by the debt load of previous generations. If you focus on mobile payments and an engaging store experience now, you may find yourself much better prepared to meet the shopping and payment preferences of the rising generation of customers over the next few years.
Quicker Payment Processing
It’s easier than ever to order almost anything online. Even a grocery trip or coffee run can be replaced virtually. Fast food companies like Burger King, Starbucks and Chipotle are testing or implementing mobile payments. Some restaurants, such as Sweetgreen, are even dropping cash altogether. The goal? Speed. Making your online payment processing quick and streamlined means a more convenient customer experience, which can lead to return visits to your online store. Get customers from “Proceed to Pay” to “Thanks for your purchase!” faster with these steps:
- Accept NFC payments. Mobile will only increase in demand. Offer this effortless, touch-to-pay option to stand out against competitors and leave a lasting, positive impression on your customers.
- Offer auto-billing. Customers ordering on a regular basis may appreciate the convenience of recurring billing. Capturing digital signatures lets you set this feature up securely and easily.
- Create customer accounts. Even if a recurring billing setup doesn’t fit your business, you can still simplify checkout for returning customers. If users can set up a secure account, they can enter their preferred payment information once and streamline their checkout steps on the next visit.
- Generate reports faster. You deserve tech that makes your side of payment processing simpler, too. Preparing batch reports the old-fashioned way is tedious, time-consuming work. Store your online and in-person transaction records in a centralized Virtual Terminal system that can do the grunt work of managing batch reports for you.
- Speed up EMV transaction times. This applies to in-store purchases, but it’s still worth a mention. Reading a chip card can take four to 20 seconds. If your payment processing technology can keep you on the shorter end, you’ll provide a smoother checkout experience.
Simpler Account Management
Expanding from cash-only to accepting multiple forms of payment opens your business to a wide network of customers who prefer card and mobile payments. For a long time, the trade-off for business owners was opportunity versus convenience. The cash-only approach is a more restrictive model, but it’s indisputably simpler than worrying about the fees, security and compliance rules surrounding credit card processing. Fortunately, Merchant Service Providers that keep up with industry changes can make accepting cards as simple as possible. Mobile will be required for Gen X; you can view this as an investment in the future.
Security compliance is one of the biggest concerns for small business owners. Minimize your risk of a breach with a PCI DSS-certified provider. Your payment processing provider can break down what you need to know to stay compliant. We’ve already covered batch reporting, but that’s only part of how a nimble payment processing system can help you. Compare transaction reports using a variety of time frames, review which cards your customers use most and search easily for individual transactions. You can streamline tasks such as locating a transaction undergoing a chargeback dispute or analyzing a high-level view of your business to make the best strategic decisions going forward.
Customer Experience Makes Businesses Stand Out
As more businesses embrace e-commerce, offering customers the ability to shop from home loses its edge as a feature. Optimizing your online store for the best customer experience can still set you apart, though, according to a report from Accenture.¹¹ Most respondents — and 70 percent of millennials and Gen Z members — are interested in services that help them manage their money while they shop. Sixty percent, for example, would consider sharing online bank account credentials with third parties so they can review their balances before making a purchase.
Doubling down on speed and security is the best tactic to impress customers. Here’s a quick checklist for you:
- Sell online. If you gain one takeaway from this chapter, it should be that selling online is worth your time. The overhead is low and it allows you to capture passive sales, showcase your product alongside competitors and build your reputation.
- Make sure your provider is Level 1 PCI DSS-certified. A data breach compromises customer information, breaks trust and could potentially topple your business. With more customers using their smartphones to make purchases on-the-go, it’s more essential than ever to offer a secure online storefront.
- Simplify checkout. The more steps necessary to make a purchase, the higher the rate of abandoned carts. Capture customer information, including digital signatures, securely so that returning customers can complete a purchase with a single click.
- Aim for a seamless experience. A payment processing API can slide neatly into your existing website, instead of sending customers away to finish a transaction.
- Try A/B testing. If you’re struggling with conversion, presenting different interfaces to different groups of customers can help you identify trouble spots that turn customers away.
Online payment processing should do more for you than open the door to e-commerce opportunities. It should improve your overall business operations. An excellent payment processing system can affect almost every facet of your business, from back-end accounting and reports to improved customer experience. It’s increasingly important for businesses to shine in both digital and brick-and-mortar form, so find a Merchant Service Provider that can support you seamlessly, wherever customers find you.
The future may not be filled with Jetsons-esque flying cars, but we’re already seeing tech developments even more impressive than those of the futuristic cartoons we watched as kids. If we were to boil down the future of online payments to a few essential attributes, we’d pick the following:
Integrating these qualities into a streamlined payment processing experience strengthens the impact of each one. You already know the value of accessing the e-commerce market. Your next step is to optimize your store’s ability to protect customer information while providing an easy, convenient checkout, wherever customers may be. As for a personal touch, you know your customers’ shopping preferences best. A payment processing system with flexible options to encompass your target audience’s needs gives you the power to turn that knowledge into daily business practice.
In the broader context of credit card payment processing, what’s most valuable to learn from this guide is that going paperless and reducing your PCI scope are best done sooner than later. By going paperless, you can trigger dozens of operational benefits that will save your business hours per month. In terms of security, being smart about who you partner with and being up-to-date with important fraud-prevention technology can help you reduce your liabilities and protect what matters most: your business and your customers.