When you are first setting up a retail or an eCommerce endeavor, few decisions will be of as much importance as the payment provider that you choose. Your payment provider will handle each and every card transaction your online company makes, and if it doesn’t function properly, or if it has a lot of hidden fees, such as old legacy systems with long term contracts, you can be setting your business up to fail before you ever get started.
So, we are going to explain to you what you should be looking for when you reach this crucial decision in the setup phase of your business, and we will help you find a payment provider that meets your needs perfectly and sets you up to succeed in the business world.
As a general rule of thumb, there are three main factors that you really need to consider when you go to choose who you will be working with: The people involved in the transaction, the fees associated with each transaction, and how the transaction is handled behind the scenes. There are some smaller tidbits that can make a specific provider a better or worse choice, but those three factors will allow you to narrow your search down to a select few of top competitors that will truly help your company succeed.
The Parties Involved
Besides your bank and the customer’s bank, there are three different factors that go into every single one of your transactions, and a payment provider works with all three of them. There’s you, your customer, and the technology acting as a bridge between the two of you. We’ll go into more detail about all that, now.
The Customer
With this part of the transaction, we are really talking about the “issuing bank”. That’s your customer’s bank, and they handle lending the customer the money to make a purchase on your site, and they issue the card that the customer uses to make that purchase. This is your customer’s main form of interaction with the transaction process, and it’s one of the most important factors since it’s what starts the transaction in the first place. However, you have no control over this factor, and you can simply ensure that the technology, which we’ll talk about soon, makes their part of the transaction as smooth as possible.
The Merchant
This is you and your part in the transaction. You function as the merchant that the customer is engaging with, and in order to do that, you need a merchant bank to partner with and work as your company’s bank. A merchant bank functions differently than the bank you use in your day to day life. Instead of issuing you funds in advance for credit purchases and managing your checking and savings accounts, a merchant bank takes in your customers’ payments for you, and then puts those payments into a special merchant account that is a lot like a business’s checking account. Without a merchant bank, you won’t be able to succeed in the long-term with eCommerce.
The Technology Solution
Your technology, and the company handling it, is what makes a transaction possible in the first place, and there are two parts to this imperative factor: The payment processor and the payment gateway.
Processor
The payment processor is what actually handles the transaction. It moves the money between the different parties and delivers it to the banks and accounts involved. If your processor is subpar, your customer’s transaction experience will be, too. You need an up-to-date payment processor that functions smoothly and without any hassle placed on you or your customer to ensure that each customer enjoys a seamless transaction.
Gateway
The payment gateway is essentially what sends the transaction information to the payment processor. It links to your site’s shopping cart feature, and when a customer buys something, it connects to the payment processor and begins the transaction. In order to ensure that your transactions are smooth and effortless, this technological asset needs to be competent and able to easily satisfy your customers without being apparent.
How the Transaction Process Happens
The transaction process is fairly complicated, but it all takes place in a matter of seconds. In fact, it’s usually seemingly instantaneous.
Once a purchase is made, the payment gateway encrypts the transaction data to protect your customer and your business, and then it asks the customer’s bank if it will advance the funds for the customer’s purchase. If yes, the payment will be sent to your merchant account, and if not, the transaction will be denied and ended until a resolution can be found.
Once that step is completed, the funds typically end up being accessible by you the second your merchant bank acquires them and places them in your account, but you may be forced to keep a certain amount in the account to make sure you can cover any returns that pop up.
This part is not instantaneous. It can take a couple days to complete this part of the process.
Transaction Fees
This is easily the factor that you’ll want to pay attention to the most, because a lot of merchant service providers are downright misleading when they quote your rates, and you need to get a firm understanding of how a company sets up its fees to know what to actually expect from your bill.
Most often, companies will quote something like 1.8% rates to interest you and appeal to your more frugal side, but then they’ll apply all sorts of hidden fees that raise that rate as high as 11% without notifying you properly. As you can imagine, that can make your bill a bit more than what you thought it would be.
There are three rate models that are most often used:
Flat-Rate
You’re given a specific amount to pay, and whether that covers your total fees or not, that’s what you pay. You could be overpaying tremendously if you accept a quite a few low cost cards vs. the higher cost cards. The processor is banking on your acceptance of these lower cards to ensure all costs are covered.
Interchange Plus Pricing
This takes the interchange fee you pay and adds a small fixed rate on top of it. It’s not as consistent as a flat-rate fee because of the sheer amount of interchange fees out there and the number of different credit cards with all of the various reward and incentive programs.
Tiered Pricing
This is when the provider creates a few tiers of fees and charges you based on the tier your fees are in rather than each individual fee. The only bad thing about this is that the provider decides which fees go into which tier.
Other Important Things to Consider
Does your processor provide Data Security/PCI protection? What about financial breach protection, in the event you are breached?
Any business or other entity that stores, processes or transmits cardholder data must ensure that their processes meet the Payment Card Industry / Data Security Standard (PCI/DSS). Failure to do so can result in heavy fines being levied.
Understanding PCI/DSS
The PCI/DSS is a global standard defining acceptable practice for any entity involved in the storage, transmission or processing of cardholder data.
In recognition of the sensitive, confidential and valuable nature of this data the standard imposes strict regulations which must be met in full. The full requirements are detailed but are covered by 12 broad requirements. These are grouped into 6 broad control objectives as follows:
1. Build and Maintain a Secure Network and Systems – Install and maintain a firewall configuration to protect data – Do not use vendor-supplied defaults for system passwords and other security parameters
2. Protect Cardholder Data – Protect stored data (use encryption) – Encrypt transmission of cardholder data and sensitive information across public networks
3. Maintain a Vulnerability Management Program – Use and regularly update anti-virus software – Develop and maintain secure systems and applications
4. Implement Strong Access Control Measures -Restrict access to data by business need-to-know -Assign a unique ID to each person with computer access -Restrict physical access to cardholder data
5. Regularly Monitor and Test Networks -Track and monitor all access to network resources and cardholder data -Regularly test security systems and processes
6. Maintain an Information Security Policy -Maintain a policy that addresses Information Security
Any entity handling card transactions must meet the standard and be able to demonstrate (certify) that it does so. The level of certification is flexible and depends on how transactions are processed and in what volume.
A Summary of Benefits
Achieving full compliance with PCI/DSS standards is more than an obligation. It delivers genuine benefits to businesses:
– Lessen the risk of fraudulent transactions
– Prevent security breaches
-Lessen the impact should a breach occur
– Reduce your business’ exposure to risk and liability
– Provide peace of mind for your customers
– Avoid the negative PR associated with data loss
Why are These Requirements in Place?
Card transactions have grown enormously in recent years as cards become the number 1 preferred form of payment. Since no physical money is handled or exchanged as part of these transactions they are dependent on the transfer of data.
That data therefore becomes sensitive and valuable and must be protected. Failure to protect this data can lead to fraud and theft. These crimes often impact both the card holder and the merchant directly. They can also damage or even destroy the reputation of businesses or organizations involved in hacks or data breaches.
More widely card fraud has the long-term detrimental effect of eroding consumer confidence and trust – both in the individual companies affected and in the card payment industry more widely.
Millions of consumers and organizations worldwide are choosing to pay by card. And millions of businesses, professionals, traders and organizations are accepting and handling these payments. Instead of allowing an ad-hoc approach where each business sets its own level of security the PCI / DSS was imposed. This ensures a uniformly high level of data security throughout the worldwide card payment industry.
Keep your Data Secure – Don’t get caught without PCI Data Breach Protection
There are no enforced standards in the card processing industry regarding rates, fees, and contractual terms. It is possible for two providers to offer seemingly the same rates and fees that result in different processing costs.
Excessive Monthly, Annual, or Quarterly Fees
There are numerous monthly, annual, or quarterly fees merchants may see on their statements each month. Many merchants pay far more than they should for these fees. The fees may have names like statement fee, service fee, membership fee, regulatory fee, PCI fee, and host of other names. The fair amount each merchant should pay for these fees varies by sales volume and merchant type. Also, the amount a merchant pays for any given fee isn’t as important as the overall processing cost. These are general guidelines; some merchants should pay far less. If you are currently paying more, it may be a good time to review your overall processing cost including your pricing plan, rates, and fees.
Excessive Payment Gateway Fees
A payment gateway route transactions from the merchant’s website to the provider. Some retail point-of-sales devices require a gateway to route the transactions. Merchants generally pay a per-month and a per-transaction fee for use of the gateway. As a rule, the direct cost to process through the gateway is a few cents per transaction.
PCI Non-compliance or Non-validation Fee
Many providers now charge a monthly non-compliance or non-validation fee if the merchant is not PCI compliant. This fee may be in addition to a monthly, quarterly, or annual PCI fee. Supposedly, providers charge the non-compliant or non-validation fee as an incentive for merchants to become compliant. Nonetheless, some providers use this fee more for revenue generation, than as an incentive. Some providers do not charge this fee at all.
Merchants should not change providers because of this fee. Instead, the merchants should become PCI compliant to eliminate the fee and reduce the probability of being breached, which could easily result in huge monetary penalties – tens of thousands of dollars. To become compliant, merchants should complete the PCI Self-Assessment Questionnaire and adhere to the PCI requirements, which may require quarterly scans. In short, if a merchant is being charged a non-compliance or non-validation fee, it is as much the merchant’s fault as anyone else.
Visa FANF Fee
In 2012, Visa started charging providers a Fixed Acquirer Network Fee (FANF). The actual fee charged by Visa is dependent on the merchant type. The fee for customer-present retail merchants is based on the number of locations. The cost for ecommerce and fast food merchants is based on the volume of business. Customer-present retail merchants that have non-swiped transactions can also pay an additional customer-not-present FANF fee.
Most aggregators – i.e., merchant account providers that group multiple merchants into a single merchant account, such as Square, PayPal – integrate the FANF cost into their rates and fees versus itemizing them out separately. Most traditional providers properly pass through the actual Visa FANF fee to their merchants. However, there are a few that treat this fee as another hidden revenue stream. I’ve seen providers charge a flat monthly fee for customer-present merchants and I’ve seen the FANF fee inflated by as much as 50 percent for ecommerce merchants. Keep in mind when reviewing that the fee is generally based on the volume of the prior month. In order words, the fee you see on your statement for April activity is likely based on the March volume, as providers need to know the monthly Visa volume before they can assess the fee.
Unusual Discover Card Fees
For Discover transactions, some providers charge a higher percentage, or higher per-item fee, or monthly access fee.
Good time for merchants to start noting how their provider is handling card company fee changes as well as any future rate and fee changes, especially if your contract will expire in 2014.
October 2013 Rate and Fee Increase Notices
Visa, MasterCard, and Discover Credit card companies generally make rate and fee changes in the April and October time frame, although they have also made changes at other times of the year. Inevitably, some banks and merchant account providers seem to take advantage of the card company changes by increasing or adding their own mark-ups and by pointing too much of the blame at the card companies for the increases. This time around isn’t much different than others and merchants have sent me some rate and fee increase notices that go well beyond any card company changes.
In understanding how your provider is handling the latest card company changes, keep in mind that there are two important changes for October 2013:
Discover introduced a .25 cent increase to all transactions.
MasterCard introduced a .25 cent increase to certain transactions.
Below are two examples of recent notices on the October changes. Understanding the above .25 cent changes, how would you rate these providers?
Notice 1: 0.02 Percent + $0.02 Increase
“MasterCard, Visa and Discover typically evaluate the Interchange rates and fees twice per year most often in April and October. Based on recent changes as well as analysis from other network providers and vendors, the following changes to your merchant account are being implemented and will be reflected in your merchant statements for transactions processed beginning in October:
Interchange Plus Merchants: Percentage charged in excess of Interchange will increase by 2/100ths of a percent; and
Transactions Fees for all authorized transactions will increase by $0.02/transaction.”
Tiered Pricing Merchants: Qualified Rate for Visa, MasterCard and Discover will increase 2/100th of a percent;
Notice 2: 0.40 Percent Increase
“Effective October 1, 2013, the discount rates charged for your Visa, MasterCard, and Discover (as applicable) credit card and non-PIN (signature) debit card transactions will increase by 0.400%. We have increased these charges based on a variety of factors, including recent Card Organization changes and our own pricing considerations. This change will appear beginning with your October month-end statement you will receive in November.”
Your Statements Now go back to the statements you received in August and September or any notices you received via mail and read the notice your provider posted for these changes. Did the provider announce the actual change or did it state something quite differently? If it’s the latter, make sure it adjusts pricing accordingly. Also, make sure you monitor your rates, fees, and notices going forward to determine the best long-term course of action. If the provider needs you to extend your contract to correct its overcharges, then there are probably bigger pricing issues and more assertive action required by you to investigate your overall processing cost.
EMV Capable Terminals
To reduce fraud in the U.S., the card companies are introducing cards that have a chip as well as the current magnetic strip. Chip cards are prevalent outside the U.S. and EMV — Europay, MasterCard, and Visa — established the technical standards for processing them.
Brick-and-mortar merchants should understand about EMV.
Brick-and-mortar merchants should have equipment capable of processing EMV chip card transactions by October 2015 as certain fraud liability will shift from the bank that issued the card to the merchant. The equipment may be a terminal or a chip card reader attached to the terminal or POS system.
Certain credit card transactions will require a PIN number instead of a signature similar to PIN debit transactions today. Also, like the current PIN debit devices, each chip reader will need to be encrypted and the encryption code is processor specific. Therefore, if a merchant has an encrypted device, changing processors may be more costly as the encryption cannot simply be downloaded over the phone or Internet as is done with terminal reprogramming now. Instead, the encrypted device will need to go back to the provider for encryption or swapped with an encrypted device or a new encrypted device may be needed.
“EMV capable” can mean very little. In fact, if you have purchased or leased an “EMV capable” terminal it may simply mean that it has the slot or contactless connection to place the chip card and the terminal may have the capability to eventually be encrypted to actually process chip cards. However, the cost and time required to do so could be prohibited.
However, merchants should be planning to have equipment capable of processing chip card by October 2015. In fact, they should be planning to have the equipment capable of processing chip cards well ahead of the October 2015 — perhaps as early as late 2014, to ensure receiving it in time.
If a merchant’s existing terminal fails or is no longer supported, the merchant should inquire about EMV terminals as a replacement. However, ask if it comes fully encrypted and capable of actually processing an EMV transaction or if it will need the encryption later. Right now, the answer is likely that the terminal will need encryption later. If so, the merchant should obtain the time frame, process, and cost for enabling the terminal to actually process chip cards. This should be in writing. Remember, new terminals cost the provider around $150 to $250 and the encryption may be an extra $25 to $50.
Make sure you are comfortable with your provider and have negotiated the best processing cost before changing to encrypted EMV equipment.
Merchants do not need EMV terminals today and very few providers actually have terminals that can process an EMV chip card transaction right now.
