This guide is your one-stop shop for those seeking information about credit card processing. As leaders in the payment processing industry, we aim to educate businesses and provide transparent, straightforward information. We hope this comprehensive ebook serves you well as you continue to educate yourself in the payments space.
As a business owner, an office manager, a receptionist or even a consumer, we all know how credit card processing works, right? A customer swipes or inserts his credit card into a card reader, authorizes the amount with a signature and goes about his merry way. 
It may seem straightforward at first, but there’s an industry of regulators, providers and security professionals that make this process appear simple and seamless.
This guide is designed to illuminate the inner workings of credit card payment processing. You’ll learn basic definitions and explanations to ground yourself in this industry, be exposed to the different players in the space (many of whom you’ll partner with for your business) as well as the technology needed to accept payments today, and in the years ahead.
Next, we’ll dive into fees. While fees are a pain in any industry or situation (personal and professional) not all credit card payment processing fees are legitimate. We’ll expose which ones you should never pay as well as educate you on fees that are fair and how much they typically run.
Operating a modern business usually means equipping it with a lot of software. We’ll cover relevant software for your business that makes payment processing easy and efficient, saving your staff precious time on every transaction. With all this information coming at you, you’ll want help comparing your potential providers. We’ll give you the tools to do just that.
Payments are only as good as the security protecting them. We’ll explain the technicalities you need to know in order to run a safe, healt
hy business. We’ll discuss pain points and the potential revenue stream — and setup — of an online store and conclude with information about the future of payments. Due to constant updates to combat fraud, payment technology is always evolving. Learn what you need to know to partner with providers that will last for the long haul and to invest in future-ready equipment.
Without further ado, we’ll dive into the terminology you’ll want to know to start researching payment providers and how they impact your business.
Whether you process thousands or millions per month in credit card volume, it’s imperative that you understand how credit card payment processing works. Despite the costs and complexity associated with credit card payment processing, not accepting credit card payments means leaving too much money on the table. Conversely, processing large credit card volume on an expensive rate plan or paying hidden fees could hurt your business just as much.
Small businesses risk losing customers who prefer to pay with credit cards, undermining their ability to get up and running, and grow. On the other hand, large businesses can end up paying too much in credit card fees with a one-size-fits-all rate plan. This can rob large businesses of profits they deserve to keep and invest.
The payments landscape is ever evolving as new technology and security methods make their way into consumers’ habits and wallets. 
With tap-to-pay mobile options at a 17 percent adoption rate and anticipated to become more popular, you’re only hurting your business by not taking credit card payments or failing to upgrade to more modern payment processing technology. Convenient payment methods like mobile and credit card, are increasingly important to younger consumers. It’s estimated that 45 percent¹ of millennials would shop elsewhere if credit card processing were unavailable.
This definitive guide will cover everything from basic definitions to insider tips to lower your credit card rates. An honest payment provider is hard to find, making it all the more important to do your research and know how credit card payment processing works. That way, you can advocate for your business, take the security measures needed to get the best rates and ultimately protect your customers. After all, poor protection of your customers’ information could result in lost business and risk of closure. We’ll dive into new payment technology; the information you need to defend yourself from chargebacks, data breaches and more; along with product comparisons.
With anything complex, there is often jargon, terms and phrases that beg definition. This list of definitions will prime you to understand different payment methods, security features and considerations. Use this as a reference as we dive into these topics — and how they’re connected — throughout this guide.
Sound complex? Don’t worry. Now that you know the terms, you’ll see them in practice as we explain how transactions are authorized, captured and settled, as well as the providers that facilitate these processes. In this guide, you’ll learn everything needed not only to be informed about your credit card processing but to become an advocate for your business’s fair treatment.
Every step of credit card payment processing involves a middleman, which generates costs. Knowing standard rates, rate plans and regulated fees will help you spot unfair billing practices and secure fair rates for your business and eliminate unnecessary middlemen.
As we initially stated, credit card payment processing seems smooth and simple on the surface. But once you dive into how a credit card transaction gets authorized and approved, you soon realize that this illusion is the product of a well-executed dance among multiple providers — each of which is key to the completion of successful payment.
In this chapter, we’ll introduce you to the many providers and explain how transactions are processed and why different fees are levied on businesses.
Now, here’s how these providers interact. Every transaction undergoes the following six-step process to either authorize and approve or reject an in-person credit card payment.
All of this happens in a matter of seconds. For card-not-present or e-commerce transactions, a shopping cart collects the credit card number, and a Payment Gateway helps to facilitate the transaction.
After a successful credit card authorization, a business has the option to hold or settle the transaction. If held, the transaction must be captured within a certain time frame in accordance with the Card Association. This duration may vary, but held transactions typically must be settled within five to seven days. If a held transaction is not settled in that time frame, it’ll be voided.
It may appear prohibitively expensive to accept credit card payments with so many providers taking a cut of your profits. 
That said, not taking credit card payments can harm your business more in lost sales.
Most of the providers introduced in this chapter make money by charging fees for each transaction they handle as well as for using their services. Some of these fees are charged directly to the business, while others are passed down from one provider to the next. Here’s how each of these providers makes money:
Unfortunately, with so many fees charged by multiple parties, it can get confusing to review your monthly merchant statement. Some providers take advantage of this inherent confusion to pad their fees and even add in fake ones to make more off each merchant account. We’ll dive into this more later and give you examples of what common unethical fees may look like on your statements.
Obtaining support and understanding your total credit card processing costs can be challenging with so many disparate service providers. After all, credit card processing is just one facet of your business. You have additional providers for everything from Wi-Fi to inventory.
You can streamline your payment providers by opting for an all-in-one Merchant Service Provider and Payment Gateway. Doing so will help you eliminate your Payment Gateway bill and process in-person as well as online transactions with just one provider, resulting in more straightforward support access and clearer merchant statements.
Cash or credit, paper or plastic? Customers simply pick their preferred option at checkout and continue with their days. For business owners, accepting credit card payments is a bit more involved. You deal with more of the background ins and outs of equipment, security, customer convenience and accounting. Equipping your business to swipe (or tap, or key in) cards can also require different procedures for your brick-and-mortar and virtual storefronts.
Let’s dig into the providers and processes you need to know to understand what credit card processing entails, however you do business. Getting familiar with your options can lead you to the best providers to handle your needs.
Accepting credit card payments looks a little different for an in-person versus a card-not-present transaction. As of February 2017, around 43 percent of consumers² researched and completed purchases online with multi-channel retailers. 
Both in-person and e-commerce sales are thriving, so businesses need to be ready to attract both.
For in-person sales, customers swipe or insert their cards into a physical card machine. The card reader sends authorization requests through several parties, including issuing banks and the Merchant Service Provider. A signature, and sometimes even a photo ID check, confirms that the person standing before you really is the cardholder. While the entire process typically takes less than 10 seconds, most customers (and even employees) will never know how many steps it takes to authorize a credit card transaction.
Online, of course, you can’t physically swipe a card, so you’ll need a Payment Gateway for e-commerce sales. A secure shopping cart and Payment Gateway minimize the risk of fraudulent transactions. It’s harder to prove cardholder identity with online transactions, so you can expect Merchant Service Provider rates to be higher than what’s charged for in-person sales.
You can make life easier on yourself by setting up a central system for your credit card readers. A traditional POS terminal that relies on paper receipts to record transactions demands extra work from you. Tracking sales involves collecting the paper reports from each individual card machine. Inputting data, storing receipts and maintaining spreadsheets is time-consuming, and you risk misplacing important transaction information.
The best credit card processors on the market today can communicate with software and other devices, so business owners can generate reports easily and check sales at different registers or store locations.
Handling credit card transactions in person is the most straightforward, secure variation. You can still take steps toward ensuring optimum security by choosing up-to-date tech for a more streamlined customer experience.
The first critical feature to check for is swipe-and-chip capability. The best card readers (and, frankly, the only ones you should consider these day
s) allow cardholders to insert their cards for the machine to read their chips. EMV compliance can affect your liability for card-present credit card fraud, so supporting chip cards helps protect your business as well as your customers.
Pay attention to how the credit card processors you’re considering record transactions, too. Digital records can make preparing batch reports and locating transaction details a quicker, easier process than relying on paper receipts could. Digital signature capture can add another level of security, too. You may be able to essentially eliminate friendly chargeback costs by capturing and storing customer signatures in the cloud.
In order to accept credit card payments through your online store, you’ll need a Payment Gateway in addition to a merchant account. Dreading the prospect of adding yet another service provider to your business’s back end? Don’t worry: There are some all-in-one services that can handle all your transactions. Consolidating services to one provider isn’t as complicated as it sounds and can result in a simpler experience for you.
Minimizing expenses is a perennial concern for many business owners. The good news is that shopping around and asking smart questions can help you accept credit card payments online without adding too much to your expenses. Look for a Payment Gateway provider that will work on a month-to-month basis, rather than on a contract. These providers tend to offer better customer service because you’re free to leave at any time.
Restrictive contracts can lock you into paying for a service you no longer need or keep you from pursuing a better deal. Ask about fees before working with a Payment Gateway, too. 
Some miscellaneous fees (such as a Payment Gateway fee) don’t really do anything but pad the provider’s pocket. A reliable, trustworthy provider doesn’t have to resort to gimmicks like unnecessary fees to keep its business solvent.
You’re ready to upgrade your business to accept credit card payments, but with so many options on the market, it’s tough to know where to start. Which is the best credit card processor for you?
We hate to say it, but as with many other business choices, the answer is, it depends on your specific needs. You know your growth targets, transaction volume and business priorities better than anyone else.
With that said, we can offer a checklist to point you toward the best credit card reader to fit your small business. Look for providers offering:
To stay on top of an ever-evolving market, business owners should consider branching out to accept new methods of payment. Mobile payment options represent a relatively small slice of consumer transactions, but it’s worth considering card readers that can cater to customers who like to reach for their e-wallets.
Services like Apple Pay and Android Pay use near-field communication (NFC) technology to authorize a transaction. NFC lets applicable devices communicate with each other when they’re held an inch or so apart. 
Besides e-wallet platforms, several major credit card issuers now offer contactless cards as well. Some consumers prefer this method for its high degree of security and convenience. EMV and contactless cards generate a unique code for each transaction that expires after one use, making card information much harder to steal for fraudulent use. NFC payments can also be faster than EMV chip card payments, so some customers prefer this extra convenience. Offering alternative payment methods as options can set your POS experience above the competition’s.
Accepting credit cards means working with a long list of financial parties, all of whom take their cut. Although cash-only operations are simpler, many small businesses can’t afford to miss out on the revenue from credit card transactions. Working with a Merchant Service Provider can consolidate some of the necessary services, resulting in fewer middlemen to deal with. Choosing a rate plan and understanding the bill, however, can present yet another hurdle. In this chapter, we’ll walk you through fees, rate plans, and business practices you should consider to ensure you’re working with the right provider.
A Merchant Service Provider’s billing statement can be a complicated document to read. The exact terminology for various charges often differs from provider to provider. Before you enter into an agreement with a provider, ask for a sample billing statement so you can familiarize yourself with the language and organization it uses (some providers combine Payment Gateway fees and AVS fees into one umbrella “transaction fee” line item, for example). Here are some typical credit card processing fees and costs to know:
Here are some additional factors that can influence how much you’ll pay to accept credit card payments:
A Merchant Service Provider may have 
some wiggle room in terms of price. Going through the features and fees one by one with a representative may save you some money. The key to an effective negotiation is preparing beforehand, and for credit card processing fees, that means knowing what costs the provider controls and which fees are non-negotiable.
Interchange is an important fee that gets passed through from the credit card issuer, through the provider (whether it’s a Payment Facilitator or Merchant Service Provider), and finally to you, the merchant. It’s not possible to shop around for different providers based on this rate, as they don’t have any control over it. Card Association fees, also called dues and assessments, are another cost you’ll see reflected wholesale.
The card issuers charge a small fee per transaction, often about $0.10, which is a fraction of a percentage of the sale. Depending on the card issuer, this charge may appear on your billing statement as the acquirer processing fee or network access and brand usage fee. Ask about any fees or acronyms on your statement you don’t understand. Finally, card issuers sometimes charge incidental fees for transaction processing problems or mistakes. You might see this listed as a Transaction Integrity Fee or a Misuse of Authorization Fee, among other possible names.
With wholesale fees accounted for, you can now look at the fees a Merchant Service Provider may be able to negotiate with you.
The provider may have a lengthy list of fees, but a reputable business will take the time to help you understand what you’re paying for. While you may not be able to talk down every fee, you should at least have the sense that the charges are fair.
Some credit card fees may sound legitimate but are really just a bogus way to collect extra money. We see pointless fees as a warning sign: If the provider is willing to make a flimsy excuse to grab a few bucks, they may be performing other shady business practices, too. Tread carefully when you see a provider charging the following:
As we’ve already discussed, not all card transactions are alike. Furthermore, you may see your rates change even when the monthly processing volume remains steady. What gives? It turns out that the ratio of the transactions you take impacts your costs just as much as the volume does.
The three most common structures for credit card processing play a major role in how transparent and cost-effective your billing statement is.
.jpeg?width=600&name=Interchange-plus-rate-1%20(2).jpeg)
Overall, IC-plus is the way to go in terms of both pricing and transparency. Other models may be more convenient for businesses just starting out, but the best value in the long run is with a provider that offers IC-plus credit card processing with a low, fair markup.
There is software available for just about everything in today's marketplace. And payment processing software that can enable your business to move online and access dozens of beneficial features is no exception.
In this chapter, we’ll outline the top things to look for when comparing online payment services and how the credit card processing software you use will help your organization efficiently and securely accept payments.
Credit card processing software is commonly referred to as a Virtual Terminal. As the name suggests, a Virtual Terminal is much like a POS machine except it’s online. 
Gone are the days of relying on paper receipts to maintain your business’s transaction records. With a Virtual Terminal, you can access that data online anytime.
There’s something tricky that’s worth noting here: Most credit card terminals that connect to online payment services use middleware. This type of software increases your risk of fraud and liability because middleware brings your business within PCI scope. By avoiding middleware, you reduce your PCI scope and your risk of fraud and liability. We’ll dive deep into what PCI means, who it impacts, and why you want that impact limited later in this guide. But it’s worth noting now that any terminal you’re looking to connect with payment processing software should not contain middleware.
Assuming that you want to go digital and find a provider that can help you both record your transaction histories online and store individual, signed receipts, you’re ready to consider other capabilities of credit card processing software.
The best online payment processing provider will offer the following features to make its customers’ lives easier:
PCI Level 1 Security
First things first, it doesn’t make sense to engage with online payment services that aren’t secure. If you’re going to store your data (and your customers’ data) online, confidence in your data's security is crucial. This can mean the difference between returning customers who trust your business and lost customers and a damaged reputation.
Go with a PCI Level 1 provider and settle for nothing less. Even better, go with one that has a proven long-term record of adhering to the strictest requirements of the Payment Card Industry Data Security Standard. This will give you peace of mind that you’re trusting a provider that is dedicated to your security and that of your customers.
Paperless Processing
You may already be using software that reduces your reliance on paper. If you manage a medical office, this could be an electronic medical records service. For auto dealerships, it could be a dealership management system. These softwares help reduce your reliance on paper and help you move to the cloud, but they can’t do everything.
Your transaction receipts are a large part of your business maintenance. Your cashiers must keep track of receipts, and if you operate a multi-location business, you may have to rely on courier services to transport all those receipts to a centralized location to be reviewed, boxed and eventually stored off-site.
With the best online payment system, you can then search for a transaction from within the Virtual Terminal by typing in the cardholder’s name, transaction date, amount, etc.
Now, you may be wondering about your customers’ signatures. After all, you need to print a receipt to capture a signature, right?
Not necessarily. Credit card terminals that feature an electronic signature pad are increasingly common. Digital signatures carry the same legal legitimacy as printed ones in the United States. With a terminal that captures digital signatures and stores them in the cloud, you can keep a record of each transaction along with a signature in the event of a chargeback dispute. No need to maintain and store physical boxes of receipts for years on end.
Cards on File
With a PCI Level 1 provider, you can move forward with the best online payment service out there: customer cards stored on file.
When seeking the best online credit card processing, look for one that tokenizes your cardholder data. This ensures that no one can access or decrypt the true cardholder data (including anyone from your business). The only party who can make sense of the token — a randomly generated string of characters that has no value if breached — is the final provider in the transaction: the Payment Processor.
With security in place, you can accomplish so much by maintaining cards on file. For one, it enables efficient and convenient handling of transaction edits, voids and refunds. You no longer have to trouble your customers to come in for a transaction adjustment. Additionally, storing cards on file provides a boutique experience. Your customers will feel like family, with the effort to pay minimized to the click of your finger on a mouse.
Better still: Select a credit card processing software that can accept ACH e-checks. This will broaden your accepted payment types, result in fewer trips to the bank to deposit checks and increase cash flow. ACH can help include customers who don’t have a credit or debit card, or simply prefer flexibility with their payments. For businesses with high transaction values, like veterinary or medical clinics, this is even more critical.
Recurring Billing
With cards on file, the best online payment system will let you take things a step further to recharge customers on a recurring schedule. This is fantastic if you operate a business with subscription payments, installments, memberships or payment plans. Instead of your team manually following-up with customers to obtain payment, it’s automated.
If recurring billing is available in the payment processing software, ask if you’ll be notified of delinquents in a way that makes following-up easy for your team.
Cumulative Reports
The best online payment processing provider will help you do more in less time. Take your sales reports for instance. With transaction histories stored in the cloud, you should theoretically be able to obtain automated sales reports showing how your business is trending over time, this month, year-over-year, etc.
These types of reports usually take painstaking diligence in Excel and are subject to human error. With a system that can automate this, you can keep a finger on your business’s pulse more accurately while gaining a viewpoint over multiple comparisons and time frames that you simply wouldn’t be able to maintain on your own.
Automatic Batching and Deposits
In the same vein, the best online credit card processing software makes tedious tasks like deposit reconciliation a thing of the past. This may not happen to you often (if you’re lucky), but a discrepancy in your deposit and batch totals can lead to a long guessing game that may prove fruitless.
For big businesses, you may need a full-time accounts receivable employee who focuses solely on balancing your deposits. Reasons for discrepancies can include Amex fees, chargebacks and miscellaneous payment processing costs.
Because you’re using online payment services, everything should be digitized. Instead of printed batch receipts that you can only access once, you have access to automated batch reports in the cloud. Pair these with a deposit report that shows on a daily basis what debits were taken for Amex, which are chargebacks, and so on, and you have a winning payment processing software.
User Access and Customization
These attractive features aside, flexibility is what will make the best online payment processing provider stand out.
Your business is unique. You may manage a large staff and want to keep tabs on what they can access and do in a Virtual Terminal. You may manage multiple locations and want to see sales separated by department or location as well as merged for an overall perspective. You may want to view all this under one login.
Selecting a payment processing software that allows you to restrict users as needed to certain functionality and visibility, as well as customize transaction fields is highly recommended. Some use cases may include restricting certain users from issuing refunds and accessing reports as well as ensuring that every keyed-in transaction runs AVS.
There are two additional features we’ll cover that really define the best online payment system: remote signature capture and hosted online payments. These are unique and are only offered by limited providers.
These features are relevant for e-commerce businesses (which we’ll dive into in chapter 9) as well as businesses that take payments over the phone. With remote signature capture, you can charge customers over the phone and email them a digital receipt to sign with their mouse or their finger. At this time, PayJunction is the only software provider that offers this. Meanwhile, hosted payments allow any business to add payment processing functionality, such as a shopping cart, to its website with a simple HTML-generated button.
Again, partnering with a PCI Level 1 provider is critical, as a hosted payment setup redirects your customers from your website to the provider’s online payment service to handle the transaction. This makes it effortless to start accepting online payments, which can reduce your accounts receivable and drive up customer satisfaction. Who doesn’t like to pay bills from the convenience of their couch?
To sum up, the best payment processing provider will enable you to go digital with your payments. This can open a host of amazing features that will boost efficiency for your cashier and management team. Your company will get more done in less time and save money with these improvements, making the investment in payment processing software well worth it.
Running a business is far from easy. Sometimes it can feel like a “two steps forward, one step back” process. You’ve done your homework, and you know accepting credit and debit card transactions can attract customers who prefer plastic. 
Still, the cost of credit card processing services and the risk of chargebacks can make business owners nostalgic for the cash-only days.
Your best bet is to start out strong with a Merchant Service Provider that minimizes your security risk and charges you the best rates for excellent service. In this chapter, we’ll give you the tools you need to find and then evaluate the best credit card processing companies on the market.
You’ll find a lot of options out there when you’re researching the best credit card processing fit for your business. Your business size, your transaction volume and where most of your sales come from can affect your needs, but the following factors are essential to compare for almost any business:
Once you’ve narrowed your potential partners to a credit card processing company shortlist that meets basic standards on technology and pricing, it’s time to ask for more details. The best company for you will have services in place that cater to your specific approach to doing business. Here are a few offerings that might interest you:
Comparing features, price and service 
offerings will tell you a lot about the providers you’re considering. Contacting the top companies on your list directly and getting personalized information, though, can really set the right provider apart.
Following these best practices will help you find the ultimate credit card processing solution for you:
We cannot stress enough how important security is in any credit card related endeavor. A data breach can rob your business of trust and customers. With major breaches at Home Depot and Target in recent years, cardholder privacy is increasingly on consumers’ minds. And unless you’re a major retailer like Home Depot or Target, a data breach could spell the end of your business.
So, how important is security in payment processing? Hackers know where to get access to a large volume of credit card data and banking information. This is why ATMs, banks and even credit card processing companies are often under siege by scammers attempting to hack into their systems. Armed with this knowledge, it’s clear why every payment provider you work with must do everything in its power to protect your customers’ data.
What makes a payment processing provider secure? The card brands (Visa, MasterCard, Discover and Amex) manage the Payment Card Industry Data Security Standards (PCI DSS). Any business or organization that processes, stores or transmits cardholder data is subject to PCI requirements, which means that they’re within PCI scope.
Now, you may be thinking, “I accept credit cards at my business, but I’m not doing anything to be PCI secure!” or, “I’m looking to accept credit cards, but I’m scared of the burden this raises.” Yes, there is a responsibility that comes with swiping a piece of plastic. That’s because of the attention hackers place on businesses, providers and banks. And there are consequences of non-compliance: Your business can be fined $90 per compromised card and lose its merchant account if chargebacks exceed 1 to 2 percent. Losing your merchant account means you’ll no longer be able to accept credit card payments.
All is not hopeless, though. There is plenty you can do to demonstrate your due diligence and be a smart business owner when it comes to security. We’ll start with technical considerations when selecting a credit card payment software, followed by day-to-day tactics you can implement to fortify your security.
Choose Tokenization
If you want a credit card payment software that features cards stored on file, you’ll want to evaluate the method of data encryption. 
Two popular forms are point-to-point encryption (P2Pe) and tokenization. P2Pe masks data, which can be decrypted to show the exact values. In contrast, tokenization replaces sensitive data with a unique token (e.g., EO5L-X03K-S2LX-79BQ) that has no value if breached. The token is randomly generated and can only be decrypted by the Payment Processor — the last provider to handle the transaction.
Tokenization is preferable for these reasons. You’ll want all your providers to be PCI Level 1 compliant, but tokenization helps safeguard your business from security holes throughout the transaction process.
Avoid Middleware
There are two types of software: native and software as a service (SaaS). You’ll need one of these to connect your card reader with your POS system. With SaaS-based credit card payment software, your credit card terminal connects directly through the Internet. With native software, an additional program is installed on your computer. This additional software, known as middleware, puts your business within PCI scope because your computer and network interact with cardholder data.
Middleware slows down credit card processing by adding more software into the mix. Furthermore, being within PCI scope opens your business up to the following:
Getting your business PCI compliant can be very expensive.³ Costs can reach into the tens of thousands for merchants to achieve Level 1 compliance. And because compliance is assessed annually, you’d be subject to paying these costs on an ongoing basis.
The best thing you can do is reduce PCI scope from the start by opting for a SaaS-based solution. Because no native software is installed on your equipment, payments are processed directly by your provider, without interfering with your network or computer.
Here are six tactics you can implement to improve your security:
Run AVS and CVV
If you accept over-the-phone or online transactions, AVS and CVV are a must. AVS, the Address Verification System, confirms a cardholder’s identity remotely by asking for the address associated with the credit card. Card Verification Value confirms that the cardholder has physical possession of the card by requesting the three-digit code on the back of a Visa, MasterCard or Discover credit card or the four-digit code on the front of an Amex card.
AVS results in lower card-not-present rates. As a reminder: Interchange, the wholesale cost to run a transaction, goes up with risk and reward. Because AVS mitigates risk, the Interchange rate drops when it is implemented.
Pro tip: If a transaction results in an AVS mismatch — the address provided does not match the one on file — make it a business policy not to move forward with that transaction. While you may want to gain a sale, you could pay up to 64 percent more in Interchange rates. A failed AVS match will result in a downgraded transaction if approved.
Stop Swiping Chip Cards
Chip cards are intended to be more secure. Following a sharp drop in fraud across the globe, the United States began adopting this technology in 2012. 
Chip cards generate a one-time code every time they’re inserted into a chip card reader. This provides a more secure form of authentication. By swiping these cards, you’re losing out on the security benefits.
Chip cards aren’t going away, and chip and PIN is expected to be the new norm shortly. If you’re still swiping chip cards due to old equipment or equipment that isn’t EMV certified, it’s time to update your equipment. This will secure each one of your chip card transactions. Additionally, it will protect you from bank-initiated chargebacks. These types of chargebacks are instigated by cardholders’ issuing banks to encourage the adoption of EMV technologies. A signed receipt does not protect you from this type of chargeback.
Update Your Passwords
It’s against PCI guidelines to use shared passwords. Have each of your employees create a unique login for all computers, payment processing software and sensitive data. This helps business owners maintain accountability among staff as well as limit certain users’ access if needed.
Screen Your Emails for Phishing Attacks
Hackers are becoming increasingly creative with phishing emails. With the intent to obtain sensitive information (i.e., usernames, passwords and credit card information), these emails disguise hackers as a trustworthy contact prompting you to click a link that can lead to the installation of malware. 
Hackers may impersonate other employees or management at a targeted company to obtain their sensitive data.
If an email looks suspicious, we recommend dissecting it carefully to confirm the sender. Hard-to-detect phishing emails usually come from an address that looks almost identical to a contact of yours, but off by one character or from a different email domain.
Pick up the phone and call the supposed sender to confirm that he actually sent you the email. If the email is asking you to click on a link or fill out a form, double check before doing so. If you complete the action requested and it’s a phishing attack, there’s no turning back. If you confirm that the email is a phishing attack (or suspect as much) delete the email twice: once from your inbox and again from your trash folder.
Run Updated Software
Make sure you take advantage of all system updates as your applications release new versions. This includes your browser, your payment processing software and 
your operating system. Your card reader should also be programmed to meet certain best security practices.
You can lower your rates and prevent unnecessary downgrades by ensuring your card reader is current with the latest PCI-related security protocols. Lack of attention to this could be a sign that your provider is not as secure or as helpful as it should be.
Monitor Your Devices
Get into the habit of examining your devices for signs of tampering. Check for the following on a regular basis:
Objects attached to the front or back of card swiper slotsYou’ll also want to label and inventory all POS equipment you use. Make a checklist of these items and of aspects of your POS hardware to monitor. Then, make it a habit every two to four weeks to check in on these devices. Train your team how to spot suspicious activity so that each member can do his or her part to help prevent a data breach.
It can be daunting to read a lengthy list of security best practices such as this one. Luckily, PayJunction streamlines your payment security in the following ways:
PayJunction undergoes annual audits to maintain its PCI Level 1 status. This requires the verification of an independent auditor who visits all of our facilities and tests our systems to identify weaknesses and vulnerabilities. As an added measure, we enlist the help of another third-party security firm to run its own penetration tests. Separate audits occur for each one of the card brands.
Although all cardholder information is encrypted, we implement numerous safety measures — ranging from security cameras to badged entry and exit from our facilities — to ensure our data is protected. We undergo annual audits to stay up to date with the newest standards and technologies available.
It’s easy to check whether a provider is PCI compliant. Simply visit the Visa Global Registry of Service Providers page⁴ and type in the provider’s name to see whether it’s PCI compliant and when its annual validation expires. If your provider is not listed, look for a new provider that demonstrates a history of secure payment processing.
Paying with a credit card is simpler for many customers, but for business owners, it can be a nightmare. We can sympathize with the headaches payment processing can cause, because we’ve spent almost two decades developing our expertise in the payment space and trying to improve it.
We work to stay on top of new developments in payment processing, so we can help you stay up to date and solve common issues you may face when processing credit card transactions.
The first step is understanding what challenges you’re most likely to face so you can prevent them before they become a problem. Do any of these payment processing pitfalls sound familiar?
If so, you’re not alone. These pain points make it harder for business owners to maximize their profits and keep sales running smoothly. We’d like to help solve some of these challenges for you. Let’s jump in by tackling one of the top credit processing problems business owners dread: the chargeback.
Credit card chargebacks are frustrating because you’re literally paying for someone else’s crime. Chargebacks are a consumer protection service against credit card fraud. If a fraudulent transaction clears, consumers are anxious to get their funds back and protect their information. But if the goods are already in the fraudster’s hands, who eats the cost?
It can frequently be the business that charged the credit card.
Understanding the chargeback process is key to winning chargebacks when possible. Here’s what happens:
“Friendly fraud” chargebacks are the ones you stand a chance to win, because the transaction really was legitimate. We’ll outline how to make your best case against a chargeback.
As you may imagine, avoiding credit card chargebacks in the first place is far preferable to dealing with the complicated, risky process of fighting back against disputes. Having a chargeback rate of over 1 percent can even jeopardize your merchant account, so minimizing their occurrence is a must. The following practices can help prevent fraud, and provide you with evidence to counter “friendly fraud” disputes:
Use a Virtual Terminal that can locate specific transactions and customer signatures quickly.Strong fraud-prevention practices can solve multiple problems at once. Verifying transactions as they happen and updating your technology to accommodate EMV can reduce confusion, solve compliance issues and minimize the risk of card-present fraud. Better to have a declined transaction in the moment than deal with the headache of a fraudulent transaction later.
Any business, no matter how large and well-established, can potentially find itself at risk of a devastating data breach. Remember Target’s Black Friday security breach in 2013, which compromised over 70 million consumers’ data? A malicious hack into your system could mean serious trouble for your business.
Many articles about credit card fraud concentrate on online transactions. Admittedly, card-not-present transactions are riskier than card-present transactions, but neither is fraud-proof. These steps protect your in-person sales:
Collect those signatures. We really can’t stress this enough. Card networks won’t always require a signature for smaller transactions, but this personalized authorization is a critical step in protecting you and the consumer against incorrect chargebacks and fraud.A huge corporation like Target can ride out a massive data breach, but a small business may not have the resources to survive a devastating data security failure. You want your POS hardware, software and business practices to operate together to maximize security and reduce risk.
Merchants deal with a lot of fees surrounding credit card processing. One important victory for merchants was getting Card Associations to change certain guidelines, clearing the way for merchants to add surcharges of up to 4% to offset a transaction fee. Before you pass this charge along to the consumer, you still need to check whether you can and consider whether you should.
According to the National Conference of State Legislatures,⁵ 11 states don’t permit credit card surcharges. If you’re in a state that does allow them, you’ll still need to follow strict requirements. You must notify the Card Association at least 30 days in advance, follow rules on posting the information for the cardholder and adhere to rules about exactly how much you can charge. It’s a complicated process.
Surcharging is also a potential turnoff for some customers, so you need to ask yourself whether passing along the charge is worth the risk of customers taking their business elsewhere. If you do decide surcharging is a worthwhile strategy, make sure your POS system can comply with receipt requirements.
Your merchant account is theoretically the service that allows you to process credit and debit transactions. If you’ve had to deal with holds, freezes or warnings about termination, you’ve got a serious problem to solve in your payment processing.
Start by taking a hard look at your own business operations. If your transaction records have too many questionable entries, the merchant account holds or freezes are the least of your worries right now. Remember: Data security and fraud prevention are your top priority.
If you’ve reviewed your business practices and can’t find any red flags, contact your provider. Either you’ll learn about an important blind spot, or you’ll learn that this provider might be unnecessarily punitive and not the best fit for you. If a Merchant Service Provider is quick to impose fines or holds, and slow to respond with solutions to improve your credit processing practices, find a better provider that will partner with you to get your registers up and running again.
While we’ve waited to introduce e-commerce until later in this guide, it’s worth noting that there are over 1 million U.S.-based e-commerce businesses, according to some estimates.⁶ Among those, up to 30 percent are strictly e-commerce businesses, with no physical storefront.
So, while a number of businesses eventually develop an online presence, e-commerce is the start of the journey for many. We’ll explore how in-store and online payment processing compare along with the inner workings of how e-commerce operates and tips for becoming a pro.
Before we begin, here’s a recap of the key players that enable online payments:
When a customer makes an in-store person purchase the following six-steps occur:
Accepting payments online involves a few similar steps with different providers:
Although these steps take a matter of seconds, the transaction will sit as “pending” for 24 to 48 hours before the funds leave the customer’s credit card and are deposited into the merchant account.
As you can see, Payment Gateways relay an approval or decline for online transactions. Accepting online payments requires that you have an online presence in the form of a website or digital store. Next, you need a shopping cart or hosted checkout option to facilitate the payment. And lastly, you need a Payment Gateway. So, how should you go about evaluating and selecting a partner for these solutions?
When it comes to having an online presence, there’s no reason to wait. The Internet and social media are here to stay, and not having an online presence means you could appear less reputable and less legitimate. With an online presence, you can more easily drive foot traffic to your retail location, expose yourself to a global audience, appear in online results when customers evaluate comparable services and solicit powerful customer feedback.
That said, many businesses have websites but haven’t taken the extra steps to monetize them. Some reasons to create an online shopping experience include the low overhead involved, easy setup, visitor retargeting, customer convenience and legitimacy for your business. After all, you want to be present and able to fulfill customer requests when they’re reading product reviews and comparing prices. Their interest to buy may wane if they have to drive to your business. And if you aren’t local, then your prospective customers have no choice but to go with your digital competitors.
With the benefits clearly laid out, how do you get up and running fast? Luckily, there are a host of intuitive, easy-to-use and comprehensive online shopping carts. A few we recommend include Ecwid, 3dcart, CS-Cart, JigoShop and Jotform.
These ready-to-use shopping cart services offer plenty of features to get started and customize your store to your needs and preferences. With that step complete, you will now need to consider your Payment Gateway. Every online shopping cart has a partner Payment Gateway that it works with.
We recommend looking for the following when selecting a Payment Gateway:
It may seem overwhelming to juggle all of the different (but necessary) providers, but there are tricks to streamline the process that make it not only easier but also more efficient. When we say “all-in-one service,” we mean that the best Payment Gateway for your business is also a Merchant Service Provider.
Selecting an all-in-one provider allows you to consolidate to just one provider for your in-store and e-commerce transactions. Even if you’re only doing online sales, it’s smart to consolidate now as it will still eliminate your separate Payment Gateway bill. The best way to ensure you have the leanest setup is by evaluating all-in-one providers, then researching their integrated shopping cart partners, selecting one that works well for your business and signing up.
If you don’t want to involve a third-party shopping cart, some all-in-one providers also have a hosted checkout option. With this option, your customers click the checkout button on your site and are redirected to the checkout screen, which is hosted by your provider. No third-party shopping cart is involved. This setup is ideal for businesses that don’t have significant specifications and can make do with a more basic solution.
Once you’ve selected your preferred partners, there are steps you can take daily to run your transactions securely. Because e-commerce transactions are riskier, we always recommend using AVS and CVV to secure these transactions. Address Verification System (AVS) validates that the 
cardholder knows the billing address associated with the card. Card Verification Value (CVV) is the three-digit number on the back of MasterCard, Discover and Visa cards or the four-digit number on the front of Amex cards; by providing it, the cardholder proves that he has physical possession of the card. You can make these fields required in your checkout experience. We recommend not authorizing transactions with a failed AVS or CVV, as these are signs of fraud and these transactions will be downgraded if you authorize them. For AVS, you can take things a step further by requiring that both the address and the ZIP code match bank records.
Just as a poor customer experience can send retail customers running, a poor user experience can lead to shopping cart abandonment. This is when an online customer adds items to his or her shopping cart but fails to complete the purchase. Shopping cart abandonment is often a result of an unintuitive checkout process or technical issues that prevent the transaction from being approved.
To provide a confusion-free checkout experience, we recommend going with an established third-party shopping cart option. These solutions are built to combat abandonment by design and sometimes come with tools like retargeting that help you follow-up with potential customers about the items still left in their queues.
The concept of exchanging something for goods and services has been around since the dawn of civilization. We’ve come a long way, but the future of payment processing holds even more changes. In this chapter, we’ll discuss some of the biggest trends and let you know how to keep up with the times.
Millennials still attract a lot of media coverage, and for good reason. They represent over $170 billion in purchasing power.⁷ But considering millennials’ needs isn’t an innovative business practice anymore — or even an optional one. After all, most people in this generation are in their late 20s to mid-30s. Forward-thinking business owners are planning ahead for Gen Z.
Both millennial and Gen Z consumers appreciate the convenience of digital banking and shopping. They’re fans of a multi-channel approach to shopping, engaging in a mix of social media and online research as well as in-person store visits. But there are also important differences between the generations.
A report by Javelin pointed out that 
Gen Z grew up with smartphones as a standard accessory,⁸ rather than witnessing the technology emerge, as millennials did. It should therefore come as no surprise that Gen Zers are twice as likely as millennials⁹ to use mobile wallets and person-to-person payment services (such as Venmo).
What that means for business owners is that mobile payments may only be a “nice to have” feature for so long — it may become a necessity. In 2017, Gen Zers used credit cards to make purchases half as often as millennials. About half of Gen Z members don’t plan to apply for a credit card at all,¹⁰ possibly scared off by the debt load of previous generations. If you focus on mobile payments and an engaging store experience now, you may find yourself much better prepared to meet the shopping and payment preferences of the rising generation of customers over the next few years.
It’s easier than ever to order almost anything online. Even a grocery trip or coffee run can be replaced virtually. Fast food companies like Burger King, Starbucks and Chipotle are testing or implementing mobile payments. Some restaurants, such as Sweetgreen, are even dropping cash altogether. The goal? Speed. Making your online payment processing quick and streamlined means a more convenient customer experience, which can lead to return visits to your online store. 
Get customers from “Proceed to Pay” to “Thanks for your purchase!” faster with these steps:
Expanding from cash-only to accepting multiple forms of payment opens your business to a wide network of customers who prefer card and mobile payments. For a long time, the trade-off for business owners was opportunity versus convenience. The cash-only approach is a more restrictive model, but it’s indisputably simpler than worrying about the fees, security and compliance rules surrounding credit card processing. Fortunately, Merchant Service Providers that keep up with industry changes can make accepting cards as simple as possible. Mobile will be required for Gen X; you can view this as an investment in the future.
Security compliance is one of the biggest concerns for small business owners. Minimize your risk of a breach with a PCI DSS-certified provider. Your payment processing provider can break down what you need to know to stay compliant. We’ve already covered batch reporting, but that’s only part of how a nimble payment processing system can help you. Compare transaction reports using a variety of time frames, review which cards your customers use most and search easily for individual transactions. You can streamline tasks such as locating a transaction undergoing a chargeback dispute or analyzing a high-level view of your business to make the best strategic decisions going forward.
As more businesses embrace e-commerce, offering customers the ability to shop from home loses its edge as a feature. Optimizing your online store for the best customer experience can still set you apart, though, according to a report from Accenture.¹¹ Most respondents — and 70 percent of millennials and Gen Z members — are interested in services that help them manage their money while they shop. Sixty percent, for example, would consider sharing online bank account credentials with third parties so they can review their balances before making a purchase.
Doubling down on speed and security is the best tactic to impress customers. Here’s a quick checklist for you:
Online payment processing should do more for you than open the door to e-commerce opportunities. It should improve your overall business operations. An excellent payment processing system can affect almost every facet of your business, from back-end accounting and reports to improved customer experience. It’s increasingly important for businesses to shine in both digital and brick-and-mortar form, so find a Merchant Service Provider that can support you seamlessly, wherever customers find you.
The future may not be filled with Jetsons-esque flying cars, but we’re already seeing tech developments even more impressive than those of the futuristic cartoons we watched as kids. If we were to boil down the future of online payments to a few essential attributes, we’d pick the following:
Integrating these qualities into a streamlined payment processing experience strengthens the impact of each one. You already know the value of accessing the e-commerce market. Your next step is to optimize your store’s ability to protect customer information while providing an easy, convenient checkout, wherever customers may be. As for a personal touch, you know your customers’ shopping preferences best. A payment processing system with flexible options to encompass your target audience’s needs 
gives you the power to turn that knowledge into daily business practice.
In the broader context of credit card payment processing, what’s most valuable to learn from this guide is that going paperless and reducing your PCI scope are best done sooner than later. By going paperless, you can trigger dozens of operational benefits that will save your business hours per month. In terms of security, being smart about who you partner with and being up-to-date with important fraud-prevention technology can help you reduce your liabilities and protect what matters most: your business and your customers.