Category: Best Practices for Merchants
August 29th, 2014 by Elma Jane
High risk credit card processing is electronic payment processing for businesses deemed as HIGH RISK by the MERCHANT SERVICES INDUSTRY
The high risk segment of payment processing has become more important as banks and ISO’s have begun to tighten up their credit restrictions and underwriting policies. Businesses are classified as high risk primarily because of their product or service and the way they go to market. In merchant services, risk is related to CHARGEBACKS or customer disputes.
The more likely a business to have chargebacks, the higher risk the business. For instance, online businesses selling a weight loss product through a free trial offer, is more likely to have chargebacks than a retail store selling the same weight loss product.
Merchants are often unaware their business falls into the high risk category when they first start shopping for a merchant account. Getting a high risk merchant account can be difficult.
These providers have more stringent requirements and the application process is longer compared to traditional merchant account providers.
High risk businesses should expect to pay higher rates and fees for payment processing services. As a general rule of thumb, merchants should count on paying at least more than a traditional merchant account. Most high risk merchant accounts also require a contract of at least 18 months, whereas low risk providers offer accounts without cancellation fees or contracts.
ROLLING RESERVES are also a big part of high risk credit card processing. Most high risk merchants have some sort of rolling reserve placed on the account, especially new accounts without any processing history. A Reserve refers to an account where a percentage of the funds from transactions are held in reserve to cover against any chargebacks or fees that the processor may not be able to collect from the merchant. This is similar to a security deposit, but merchants don’t have to pay it up front. Reserves are a pain point for many small high risk merchants, but they are definitely necessary and without them, processors would not accept any high risk merchants at all.
What Businesses Are High Risk?
As mentioned earlier, businesses are usually classified as high risk due to the product or service they offer, however merchants with severely damaged credit or a recent bankruptcy can also be considered high risk. Below are just of the few common high risk merchant categories:
Adult Websites
Cigars & Pipe Tobacco Online
Collection Agencies
Credit Repair
Debt Consolidation
E-Books & Software
Electronic Cigarettes
Firearms – Online
High Ticket & High Volume
Medical Marijuana Dispensaries
Multi Level Marketing & Business Opportunities
Nutraceuticals like weight loss supplements, cleansers etc.
Penny Auctions
Sports Betting Advice
Ticket Brokers – Online Tickets
TMF Merchants
Travel & Timeshare
Unfortunately this list is growing and some credit card processing companies even classify any start up Internet business, that doesn’t have extensive financials to be high risk. With the recent economic recession in the United States, there has been an increase in these start up Internet ventures. People are either looking to supplement their income or start their own business instead of looking for work.
How To Protect Your Business
Accepting credit cards is the single most important part of most online businesses. Unfortunately, many successful businesses go under after having their merchant account shut down. High risk merchants should always be cognizant of their merchant account and pay attention to chargeback percentages. Below are some tips for high risk merchants looking for payment processing solutions.
Be Upfront: Make sure your processor knows exactly what you sell and how you market the product/service. If they don’t accept your business type, keep shopping for a new merchant account provider. Many merchants will try to fly under the radar by not revealing all their products or fully disclose their marketing methods to the processor. This is a bad move, the processor will eventually find out the details about your business. This is usually from doing an audit on your transactions and contacting your customers.
Negotiate Every 3 Months: Credit card processing companies underwrite applications based on previous processing history. If there is no previous history, the account is riskier and the terms offered are usually more expensive and restrictive. You can always re-negotiate your rates, reserves and other contract terms with your current processor. Once they have 3 months of history to evaluate, they may be able to offer you a better deal. Three months of history is the magic number for most processors. If you applied without the previous history and were declined, there is a chance the same processor will approve your application if you provide 3 months of previous statements.
Prepare For The Worst: All high risk merchants should keep at least 2 active merchant accounts, from different providers. You never know when underwriting guidelines might change, or you may have an influx of chargebacks. Having a backup account or even multiple back up accounts is a good idea. Many high risk providers offer a load balancing gateway, which allows for multiple merchant accounts to be integrated into one payment gateway. This way you can spread transactions across multiple accounts, through one shopping cart/gateway.
Posted in Best Practices for Merchants Tagged with: account, account providers, accounts, banks, card, chargebacks, contract, credit, credit card processing, credit restrictions, customer, customers, deposit, electronic payment, fees, financials, gateway, High risk credit card, High Ticket & High Volume, ISOs, low risk, marketing, merchant, merchant account, merchant services, multiple accounts, payment gateway, payment processing, processing services, processing solutions, processor, product, Rates, reserves, retail store, risk, ROLLING RESERVES, Security, security deposit, service, shopping cart, statements, terms, TMF Merchants, transactions, travel, underwriting
August 28th, 2014 by Elma Jane
Merchants are still using pedestrian passwords that crooks can easily break, security company Trustwave has found. Of the nearly 630,000 stored passwords that Trustwave obtained during penetration tests in the past two years, its technicians were able to crack more than half in just a few minutes and 92% within 31 days. Even though adding new information about weak passwords or ongoing malware investigations gets frustrating because the same problems facing the financial and payments industries persist, it does not surprise Trustwave researchers. For a lot of software or hardware developers, their main concern is availability of the service. They want to make sure their POS is available and running to accept credit cards, often at the cost of a lot of security controls. It is difficult to implement security and to do it correctly.
Trustwave recommends longer passwords with more characters, rather than shorter ones with letters and numbers. A longer password that is a phrase not easily figured out is better than a shorter, complex password. These findings have been added to an online version of the 2014 Trustwave Global Security Report. To accommodate the fast changing nature of security threats, Trustwave is regularly updating its research and making the information available to consumers and payments industry stakeholders on the company’s site. The criminals stealing data are a constantly moving target. It no longer made sense for those interested in our research to have to wait a year to see new statistics. Having access to updated security reporting should be helpful to merchants. They can see how trends are tracking over time, instead of constantly having to go online to see what is relevant to them or rely on the trade groups to keep them informed. This provides one switch to keep them in the know, so there is some value there and it’s a smart move on Trustwave’s part. Since the new Payment Card Industry security requirements call for security measures to be embedded in software development lifecycles, there is some utility in Trustwave’s new approach to sharing research information.
Trustwave said the trend of businesses detecting breaches continues to rise, with 29% of businesses doing so in 2013 compared to only 9% in 2009. Trustwave compiled that data from 691 post-breach forensics investigations conducted in 2013. The report also indicated e-commerce breaches are increasing, with 54% of all breaches targeting e-commerce sites in 2013, compared to only 9% in 2010. More regions, including the U.S., being in various stages of converting to EMV chip-based cards for card-present transactions fuels the criminals’ shift to e-commerce fraud. Additionally, the company is working with law enforcement officials after discovering a control center of eight servers behind what is being called Magnitude, an exploit kit of Russian origin that has led to thousands of attacks and millions of attempted malware attacks globally.
Posted in Best Practices for Merchants, Payment Card Industry PCI Security, Point of Sale Tagged with: breaches, card, card-present transactions, company, credit cards, data, e-commerce, EMV chip-based cards, financial, fraud, Global Security, hardware, industry, Malware, Merchant's, online, passwords, payment, Payment Card Industry security, payments, payments industries, POS, Security, servers, software
August 27th, 2014 by Elma Jane
An IT services firm, announced earlier this week that it purchased a majority stake in cloud-based travel management company. With the move,hopes to strengthen its travel vertical by using software-as-a service travel IT platform. The future of software services lies in blending models with customized solutions and services over different stages of an enterprise lifecycle and across different business segments within the enterprise. The platform combined with the strong management team and travel domain specialist will further strengthen competitive position in the travel vertical.
Posted in Best Practices for Merchants, Travel Agency Agents Tagged with: business, cloud-based, company, domain, IT, management, platform, service, software, solutions, specialist, team, travel, travel domain, travel management, travel vertical
August 27th, 2014 by Elma Jane
Backoff malware that has attacked point of sale systems at hundreds of businesses may accelerate adoption of EMV chip and PIN cards and two-factor authentication as merchants look for ways to soften the next attack. Chip and PIN are a big thing, because it greatly diminishes the value of the information that can be trapped by this malware, said Trustwave, a security company that estimates about 600 businesses have been victims of the new malware. The malware uses infected websites to infiltrate the computing devices that host point of sale systems or are used to make payments, such as PCs, tablets and smartphones. Merchants can install software that monitors their payments systems for intrusions, but the thing is you can’t just have anti-virus programs and think you are safe. Credit card data is particularly vulnerable because the malware can steal data directly from the magnetic stripe or keystrokes used to make card payments.
The point of sale system is low-hanging fruit because a lot of businesses don’t own their own POS system. They rent them, or a small business may hire a third party to implement their own point of sale system. The Payment Card Industry Security Standards Council issued new guidance this month to address security for outsourced digital payments. EMV-chip cards, which are designed to deter counterfeiting, would gut the value of any stolen data. With this magnetic stripe data, the crooks can clone the card and sell it on the black market. With chip and PIN, the data changes for each transaction, so each transaction is unique. Even if the malware grabs the data, there not a lot the crooks can do with it. The EMV transition in the U.S. has recently accelerated, driven in part by recent highprofile data breaches. Even with that momentum, the U.S. may still take longer than the card networks’ October 2015 deadline to fully shift to chip-card acceptance.
EMV does not by itself mitigate the threat of breaches. Two-factor authentication, or the use of a second channel or computing device to authorize a transaction, will likely share in the boost in investment stemming from data security concerns. The continued compromise of point of sale merchants through a variety of vectors, including malware such as Backoff, will motivate the implementation among merchants of stronger authentication to prevent unauthorized access to card data.
Backoff has garnered a lot of attention, including a warning from the U.S. government, but it’s not the only malware targeting payment card data. It is not the types of threats which are new, but rather the frequency with which they are occurring which has put merchants on their heels. There is also an acute need to educate small merchants on both the threats and respective mitigation techniques.. The heightened alert over data vulnerability should boost the card networks’ plans to replace account numbers with substitute tokens to protect digital payments. Tokens would not necessarily stop crooks from infiltrating point of sale systems, but like EMV technology, they would limit the value of the stolen data. There are two sides to the equation, the issuers and the merchants. To the extent we see both sides adopt tokenization, you will see fewer breaches and they will be less severe because the crooks will be getting a token instead of card data.
Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security, Point of Sale Tagged with: access, account, account numbers, anti-virus programs, authentication, Backoff, card, card networks, chip, credit, Credit card data, credit-card, data, data breaches, devices, digital payments, EMV, magnetic stripe, Malware, Merchant's, Payment Card Industry, payments, PCs, PIN, PIN cards, point of sale, POS, POS system, programs, Security, security standards, Smartphones, software, system, tablets, tokenization, tokens, transaction, Trustwave, websites
August 21st, 2014 by Elma Jane
Package delivery giant UPS has become the latest company to admit that customer payment card details may be at risk after it discovered malware at 51 of its US stores. In a statement, UPS says that customers who used credit and debit cards at 51 of its 4470 franchised sites between 20 January and 11 August are at risk. Names, postal and email addresses and payment card information may all be compromised, but UPS says that it has no evidence of any fraud, and that the malware has now been eliminated. Earlier this month the US government took the step of putting out an alert warning retailers about a new family of malware, dubbed Backoff, targeting point-of-sale systems. The UPS Store, received a bulletin from the government among many other US retailers that made them aware of the problem. As soon as they became aware of the potential malware intrusion, they deployed extensive resources to quickly address and eliminate the issue. Customers can be assured that they have identified and fully contained the incident. US merchants have found themselves under siege from hackers in recent months, with the most notable case seeing thieves use a vendor’s credentials to infect POS devices with malware and steal the details of around 40 million Target customer cards.
Posted in Best Practices for Merchants, Credit Card Security Tagged with: card, card details, card information, credit, customer, customer cards, debit cards, devices, fraud, Malware, Merchant's, payment, point of sale, POS, retailers
August 21st, 2014 by Elma Jane
Accept Electronic Payments in Their Currency, Convert it to Yours. National Transaction helps you and your customers transact with confidence.
DCC provides convenient currency conversion service at the time of purchase benefiting both the credit card holder and merchants. Our solution provides a system where the Visa or MasterCard holder in a foreign country can shop on an American based website that displays prices in their own local currency. Dynamic Currency Conversion utilizes a Bank Reference Table (BRT) otherwise known as a Card Recognition Table (CRT). This table is updated on a daily basis so that transactions have the most up to date conversion rate for transactions. Your web site holds pricing information in $USD, and based on the selection of the shopper, prices are converted to their native currency. At the close of the transaction an invoice or receipt can present the total to the customer in their currency, along with the merchants local currency along with the exchange rate that was applied.Your business reaches foreign nations expanding your market while presenting new opportunities, increasing your businesses bottom line and making international transaction with confidence. We have diverse set of applications to enable various kinds of business models and financial frameworks.
Posted in Best Practices for Merchants Tagged with: Bank Reference, Card Recognition, conversion rate, credit-card, currency, Currency Conversion, customers, DCC, Dynamic Currency, electronic payments, exchange rate, financial, invoice, MasterCard, Merchant's, pricing, rate, receipt, transactions, visa, website
August 19th, 2014 by Elma Jane
In response to the third-party threat, the PCI Security Standards Council has published a guide to help organizations and their business partners reduce risk by better understanding their respective roles in securing card data.
The Third-Party Security Assurance Information Supplement provides guidance practical recommendations to help businesses and their partners protect data, including:
Conduct due diligence and risk assessment when engaging third party service providers to help organizations understand the services provided and how PCI DSS requirements will be met for those services.
Develop appropriate agreements, policies and procedures with third-party service providers that include considerations for the most common issues that arise in this type of relationship.
Implement an ongoing process for maintaining and managing third-party relationships throughout the lifetime of the engagement, including the development of a robust monitoring program.
Implement a consistent process for engaging third-parties that includes setting expectations, establishing a communication plan, and mapping third-party services and responsibilities to applicable PCI DSS requirements.
One of the big focus areas in PCI DSS 3.0 is security as a shared responsibility. This guidance is an excellent companion document to the standard in helping merchants and their business partners work together to protect consumers’ valuable payment information.
Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security Tagged with: card, card data, consumers, data, Merchant's, payment, PCI, Service providers
August 18th, 2014 by Elma Jane
As a small business, you may have ignored Facebook, but it turns out that by not having a presence on Facebook, you could be missing out on a huge business opportunity. The social networking site has a huge influence on what products and services people buy. More specifically, Facebook significantly influences millennial shoppers’ opinions of small businesses, including their decisions to purchase items not just online, but in-store as well. Nearly 60 percent of consumers ages 18 to 29 engage with Facebook ads at least once per week before buying an item in-store from a small business. Additionally, 62 percent believe Facebook is the most useful social media outlet for researching small businesses before visiting a store in person. That’s considerably higher than the 11 percent who feel the same about Twitter and the 12 percent who believe Pinterest is the best site for researching small businesses. Overall, 59 percent of millennial consumers visit the Facebook pages of small businesses at least once a week. To succeed both online and offline small businesses must first understand consumers’ online-to-offline shopping behaviors and invest at least a portion of their digital marketing dollars into the right technology and tools to create precisely targeted, relevant and personalized experiences.
The true value of Facebook, doesn’t lie in simply driving likes and adding new fans. It lies in using personalized content to convert digital hunters into loyal, repeat in-store buyers. The study discovered that by increasing the deals they offer on Facebook, businesses have the potential to make an immediate impact on their bottom line. Nearly 85 percent of the shoppers surveyed said local deals and offers on Facebook are important in their decision to purchase an item in-store. Forty percent of those surveyed said they think Facebook offers that can be redeemed in local stores are most likely to influence their decision to visit the website of a small business. With so many consumers constantly turning to Facebook when making purchasing decisions, business owners especially those in the restaurant, spa/beauty and education industries need to come to terms with the fact that Facebook is a highly important marketing tool that needs to be actively attended to and not just something they check in on every now and then.
Posted in Best Practices for Merchants, Small Business Improvement Tagged with: consumers, digital marketing, Facebook, marketing, marketing tool, millennial consumers, networking, pinterest, products, purchasing, services, shoppers, social media, social networking, twitter, website
August 12th, 2014 by Elma Jane
With so much competition in today’s marketplace, it can often be a challenge to turn first-time customers into repeat customers. Providing good customer service isn’t always enough to keep consumers coming back. To create loyal customers, businesses need to be prepared to make their customers feel special and wanted.
Improve customer loyalty with the following:
Be quick to resolve issues. Not all products work perfectly and sometimes, paid services don’t meet expectations. Accept when customers’ expectations haven’t been met and work hard to make sure the issues are resolved to their satisfaction. They will remember this and will feel like their purchases are safe with you next time.
Keep in touch. Gather contact data on your customers when you can. Reach out to them with special offers and new products and services or just send them a birthday card. Use any excuse to keep your company in their minds.
Provide great service. Customer loyalty wanes when customer service is lacking. Make sure the customer is attended to promptly, courteously and efficiently. Listen to their needs and meet them as efficiently as possible. Customers will remember this, but they will remember bad service even more.
Reward loyalty. Once in a while, you should treat a loyal customer with a free product or special discount just for being loyal. You’ll be surprised at the loyalty this will generate.
Thank your customers. Chances are, you have competitors in your category and that means your customers have options. The fact that they chose you whether it’s because of your pricing, reputation or convenience is something that you appreciate, so show it. Thank them every time for choosing you and let them know in words and deeds how important your business is to them, regardless of whether they’re your smallest customer or your largest.
Posted in Best Practices for Merchants Tagged with: competitors, consumers, contact data, Customer loyalty, customer service, customers, data, free product, products, purchases, services, special discount
August 11th, 2014 by Elma Jane
Tokenization technology has been available to keep payment card and personal data safer for several years, but it’s never had the attention it’s getting now in the wake of high-profile breaches. Still, merchants especially smaller ones haven’t necessarily caught on to the hacking threat or how tools such as tokenization limit exposure. That gap in understanding places ISOs and agents in an important place in the security mix, it’s their job to get the word out to merchants about the need for tokenization. That can begin with explaining what it is.
The biggest challenge that ISOs will see and are seeing, is this lack of awareness of these threats that are impacting that business sector. Data breaches are happening at small businesses, and even if merchants get past the point of accepting that they are at risk, they have no clue what to do next. Tokenization converts payment card account numbers into unique identification symbols for storage or for transactions through payment mechanisms such as mobile wallets. It’s complex and not enough ISOs understand it, even though it represents a potential revenue-producer and the industry as a whole is confused over tokenization standards and how to deploy and govern them.
ISOs presenting tokenization to merchants should echo what security experts and the Payment Card Industry Security Council often say about the technology. It’s a needed layer of security to complement EMV cards. EMV takes care of the card-present counterfeit fraud problem, while tokenization deters hackers from pilfering data from a payment network database. The Target data breach during the 2013 holiday shopping season haunts the payments industry. If Target’s card data had been tokenized, it would have been worthless to the criminals who stole it. It wouldn’t have stopped malware access to the database, but it would been as though criminals breaking into a bank vault found, instead of piles of cash, poker chips that only an authorized user could cash at a specific bank.
A database full of tokens has no value to criminals on the black market, which reduces risk for merchants. Unfortunately, the small merchants have not accepted the idea or the reality and fact, that there is malware attacking their point of sale and they are being exposed. That’s why ISOs should determine the level of need for tokenization in their markets. It is always the responsibility of those who are interacting with the merchant to have the knowledge for the market segment they are in. If you are selling to dry cleaners, you probably don’t need to know much about tokenization, but if you are selling to recurring billing or e-commerce merchants, you probably need a lot more knowledge about it.
Tokenization is critical for some applications in payments. Any sort of recurring billing that stores card information should be leveraging some form of tokenization. Whether the revenue stream comes directly from tokenization services or it is bundled into the overall payment acceptance product is not the most important factor. The point is that it’s an important value to the merchant to be able to tokenize the card number in recurring billing, but ISOs sell tokenization products against a confusing backdrop of standards developed for different forms of tokenization. EMVCo, which the card brands own, establishes guidelines for EMV chip-based smart card use. It’s working on standards for “payment” tokenization with the Clearing House, which establishes payment systems for financial institutions. Both entities were working on separate standards until The Clearing House joined EMVCo’s tokenization working group to determine similarities and determine whether one standard could cover the needs of banks and merchants.
Posted in Best Practices for Merchants Tagged with: account numbers, bank, billing, card, card brands, card number, card present, Clearing House, data, data breaches, database, e-commerce, EMV, emvco, fraud, ISOs, Malware, Merchant's, mobile wallets, network, payment, Payment Card Industry, Security, smart card, target, tokenization, transactions