February 16th, 2021 by J B
5 Things to Avoid Doing With Your Merchant Account
Filed in: Merchant Accounts |
There are many great ways to use your merchant account but you should also be aware of the things you should not do with your merchant account.
- Do not process your own credit card.
While running your own credit card for $1.00 or less is considered ok for testing purposes, you should not ever run your own card for an actual sale. There are several issues with running your own card, but the most common one is a business owner trying to loan money to their business. This is a violation of not only your processing agreement, but also the card issuer rules, and in certain circumstances may be outright illegal. Even if you legitimately need to make a purchase from your own business, there is no way for the payment processor or issuer to confirm the validity of that transaction, nor to assess the risk of the individual transaction. If you need to make a purchase from your own business, pay by cash, check, or ACH directly between your bank accounts. - Do not accept payments on another person or business’s behalf.
There may be times when you are asked to accept payment for goods or services provided by another party to whom you will pay with some other means. Or maybe someone you know just needs to accept one payment and does not want to open a merchant account. There are many reasons why you might be tempted or asked to accept a credit card payment for someone else, however, never do it. Once you accept that payment, you retain all the liability for that transaction. Also, fraudsters use this tactic by paying with a stolen card and getting the business that accepted it to pay them cash. When the chargebacks start coming in the business retains the responsibility but the fraudster is long gone with the actual money.
Another slightly less common but still prevalent tactic used by some fraudsters is to get multiple companies to take some of their transactions for a fee. They are almost always doing illegal business and have been banned by card associations, so are turning to tricking other business owners into mixing just a few of their illegal transactions in with the business’s legitimate ones, to avoid detection by card associations. This risk for accepting these can very quickly turn from just monetary chargeback risk to actual crimes such as fraud and money laundering, depending on the transactions being mixed in with the legitimate ones. Do not ever agree to mix in someone else’s transactions with your legitimate ones.
- Do not operate multiple businesses through your account.
Running more than one business through a single merchant account can be a receipt for disaster, even if those businesses are similar and your own. Each merchant account is underwritten for a specific business with its own set of risk profiles. Two or more businesses being operated out of the same merchant account can affect how a risk department reviews your account against what it was underwritten for. Maybe you are doing a much higher volume than would be expected out of a single business, or maybe one business has much higher average tickets than the other. Inconsistencies like this will raise flags that your processor will have to address. Also, if something negative happens to one business the funds of the other could now be in jeopardy. If you had a merchant account for each business, then issues with one account don’t immediately affect the other’s ability to process payments. - Do not run your eCommerce and retail sides of your business through the same merchant account.
Similar to number 3, if we break the payments industry into 3 very general business types: Retail, Restaurant, and Ecommerce, each will have unique risks, even if they are all the same business. For example, a retail brick and mortar store that has an eCommerce site is just one business, however, the retail side of the business has different risks than the eCommerce side. Likewise, a restaurant with either a retail section or an eCommerce store would want to keep each business type separated so the one account isn’t taking on the risks of all of the account types. This makes sense for accounting purposes in addition to avoiding tripping up and potentially affecting all areas of a company’s processing capabilities if something goes wrong on one account. - Do not process any payment where the approval(authorization) code was not obtained via your terminal or your processor’s authorization center.
This is an extremely common fraud technique. A customer enters a business claiming to have an approval code from their issuer that needs to be entered into the terminal for the payment to be accepted, sometimes they even pretend to be on the phone with them obtaining an authorization code after the first transaction declines.Almost100% of the time this is an outright fraud attempt, however, there have been times when the cardholder legitimately seems to obtain an approval code.
But, what should you do?
Do not accept the authorization code!
Even if the cardholder did somehow legitimately obtain such approval, if it does not originate through your processor, then there is no electronic or paper link to the specific sale taking place. If your processor didn’t give you the code, you do not have authorization for the transaction, full stop.
We’ve seen more fraud attempts and actual fraud losses from merchants taking authorization codes from their customers and forcing a transaction through, than all other forms of fraud against merchants combined.
Also never call the number on the back of the credit card to try and obtain an approval code, only get one from your processor. The customer’s card issuer should not give you one regardless, and if they do, there is still no link to an authorization with your processor which is required to properly settle the transaction and required in the case the customer requests a chargeback. The only two ways you should ever obtain an approval code is electronic via your terminal / payment device during the normal sales transaction or via your processor’s automated voice authorization system. That is it, no other means of obtaining an authorization should be honored.
While you may have already done some of these things without consequence that doesnt mean you should continue. Its similar to playing with fire. Hopefully this quick list will help you avoid some common mistakes an prevent you from having to work through the negative results.