Information on Merchant Accounts,
Ecommerce and Credit Card Processing

February 2nd, 2009 by Jamie Estep

Visa issues security alert

Filed in: Fraud, Industry News | 11 comments

A few days ago, Visa issued a security alert (possibly in reaction to the recent Heartland breach) outlining some specific applications and IP addresses to look out for. What is unique about this alert that I’ve never seen before is that Visa gave a very specific list of malicious applications to search for on a network/computer, and a specific list of IP’s to block.

This tells me that Visa has explicitly identified threats, where they are originating from, and these locations are static enough that blocking them would actually do some good (IP blocking is a terrible way to prevent/stop malicious behavior).

Download the security alert »

Continue to Table 1 and Table 2 »


January 27th, 2009 by Jamie Estep

Just how big was the Heartland security breach?

Filed in: Fraud, Industry News, Merchant Accounts | 4 comments

I have been looking over a 2007 Nilson Report, specifically about the number of credit cards being used in the US. I then though, how much of an impact could the heartland security breach have on the US credit card industry as a whole? How big is the US credit card industry?

To start off, it is still unknown how many card numbers were actually stolen in the Heartland Breach. But, it is known that as many as 600 Million card numbers were exposed to malicious software. In terms of security (and logic in general), you can only assume the worst case until you can later prove that the situation is better (There is no innocent until proven guilty when it comes to security). So how many cards is 600 Million?

These are not exact numbers but are close… In 2007, there were about 200 Million card holders in the US. Of these card holders, they owned 321 Million Visa cards, 279 Million MasterCard cards, 52 Million AMEX cards, and 57 Million Discover cards. This makes a total of 709 Million credit cards. Since the account activity averages about 60% across all cards, there are roughly 420 Million active credit cards being used in the US.

Now putting this all together, the number of cards potentially stolen is about 50% more than every single active card of every cardholder in the entire country. Given the size of the breach, it’s unlikely that your card was not compromised if you made a purchase in the US between April and December.

Unfortunately a breach like this will have a negative impact of the entire credit card industry. I’ve heard a lot of “they had it coming” and cheers of joy from other people in my industry, but make no mistake, this is bad for everyone! We have yet to see the real start of what this is going to cost heartland and the credit card industry as a whole. I cannot imagine a scenario where Heartland comes out of this in one piece. They may prove me wrong, but the damage from this looks to be too great for any processor in the world to reasonable handle.


January 20th, 2009 by Jamie Estep

Heartland Suffers Massive Data Breach – update

Filed in: Industry News, Merchant Accounts | 2 comments

Heartland payment systems today has been reported to have been victim to one of the largest credit card data breaches in history.

Heartland discovered malicious software that was recording credit card information as it was being sent to heartland for processing. Heartland processes roughly 100 millions transactions per month, for 250,000 US businesses.

The data stolen includes the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards. Armed with this data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards.

Right now it is currently unknown how much data has been collected, how/if it has been used, or how long the malicious software was recording information. The current largest data breach in history was about 45 million card number by TJX (TJ Max and Marshals) which cost the retailer almost $2 Billion dollars. Depending on how much data was lost, this breach could surpass the cost of the TJX breach.

I’ve been reading comments on various blogs and new sites on the internet and so far there is a lot of backlash and anger from consumers and businesses. We’ll see in the near future how this breach will affect Heartland, but it seems safe to assume that this will be an extremely costly event for one of America’s largest ISO’s.

***UPDATE***

http://www.nytimes.com/2009/01/21/technology/21breach.html?_r=1&emc=tnt&tntemail0=y

The software on the Heartland’s network was installed as early as May. Based on the volume of transactions, as many as 600 million card numbers were potentially vulnerable, although the actual number stolen was likely less than this. With that sort of exposure, and the sheer number of merchants that process with heartland, it’s not impossible that every single card holder in the US was exposed in this data breach.


January 13th, 2009 by Jamie Estep

Merchant accounts as a measurement of the economy

Filed in: Merchant Accounts | 3 comments

During a recession or a downturn in the country’s economy, we typically see the unemployment rate go up. In the current situation, the unemployment rate has gone up a lot.

One of the few good things that comes from unemployment, is that it creates situations that allow new businesses to start up. What better motivation to start your own business than getting laid off?

One of the interesting facts about the credit card processing industry, is that we generally see an increase in new businesses during an economic downturn, especially when it involves a lot of lay offs and lost jobs.

Economy - Merchant Account Trends

This is blatantly apparent when comparing Google’s trend graph for the term “Merchant Account” to the S&P500 Index. The increase in searches for merchant account is a delayed inverse to the crash in stock price, which in this case is a good indicator of the country’s economy.

This is a positive trend to me, because it’s apparent that people are still getting out there and trying to open their own businesses. Financing is a major hurdle right now, but there are signs that we will see an increase of new businesses in the months to come. Real-estate is cheap, competition is evaporating, and those businesses who can get established in a difficult economy should excel when things do pick up again.


January 7th, 2009 by Jamie Estep

Let Your Average Sale Determine “Your” Good Rate

Filed in: Merchant Accounts | 3 comments

Here’s a little comparison on how a business’s average sale size affects their processing cost.

If a business processes $10,000 per month, here is how the business’s ticket size affects their overall cost.

Average Ticket to Cost

If you have a low average ticket, it is more important to have a low transaction fee than a low processing rate. Conversely, if your average sale amount is greater than about $80, the transaction fee becomes almost negligible.

Knowing how your average ticket size affects your overall cost is extremely important when looking for a merchant account provider. Not knowing how this affects your fees, will undoubtedly cost your business extra. This is yet another reason why shopping for the lowest advertised cost is a good way to get a bad deal.

Related Posts:
The processing fee is the least important one on your application!


January 6th, 2009 by Jamie Estep

Cost Calculators Update

Filed in: Company News, Tools |

We’ve spent a few days updating our calculators on our main website. The new version work much better than the previous versions. We are also in the process of adding fee comparison calculators for 3 tier and pass-through merchant account fees.

Current calculators:
Simple merchant account cost calculator
Advanced cost calculator
Lease cost calculator


January 5th, 2009 by Jamie Estep

No More Free Checkout from Google

Filed in: 3rd Party Processors | 3 comments

Until now, Google Checkout merchants who advertise on Google’s Adwords platform, have received credit for use toward Google Checkout fees they incur. However, due to Google tightening financials, Google Checkout is no longer free or even reduced for Adwords users. Un-Google like, they didn’t even notify current Google Checkout users prior to dumping the Adwords credit system in December. By doing this, all of the December holiday Google Checkout sales paid fees for the service.

Now, the question in the near future is whether Google Checkout can really stand on it’s own.

Google claims that there are enough consumers using and preferring Google Checkout, the system no longer needs to operate as a loss leader to function.

“Why have it as a loss leader if it’s doing OK?” he said. “We saw very healthy results after we decided to charge for the service.”

I think that Google Checkout is going to have a tough time keeping support without offering incentives for retailers to use it. We saw a massive drop when they stopped giving consumers incentives to use it. It simply doesn’t have the consumer support to make it sustainable for the merchants using it. In the past six months or so there’s been speculation of Google dropping the Google Checkout program. This may simply be Google way of letting the program die, especially since this change was never properly announced.

With Paypal stronger than ever and the emergence of Amazon’s payment service, Google Checkout will most likely need to find some new way to garner additional support, or be lost in the history of internet failures.


December 30th, 2008 by Jamie Estep

Best wishes for 2009

Filed in: Merchant Accounts | 1 comment

2008 will end as one of the most dreadful business years in history. Most business will continue with tough time in the coming months. I can only hope that jobs open up, business picks up, and our economy begins to make some sort of rebound.

I do believe that we will be looking at a different landscape when our economy eventually comes around. One thing is for certain, the credit and banking industries are going to look very different by the end of 2009.

Card issuers:

Card issuers are looking to go through some huge changes, maybe the biggest and quickest changes since the invention of the credit card.

Issuing is going to tighten up a lot. We can likely expect a surge in fees, and a reduction in rewards card programs. Add this to increased underwriting scrutiny, and a new FICO scoring system and we end up with a very volatile card issuing system. It’s going to be harder to get a credit card and they’re going to have more fees and less rewards than we’re all used to.

Card processors:

Credit card processors are just now beginning to feel the strain of the down-turned economy. The ones hit hardest are those with the highest attrition and ones that rely on continued new businesses. Processors who went for the lowest bid are seeing massive attrition, and reduction in income. We’re starting to see across-the-board business closures and greatly decreased sales volumes. This creates a very uncertain future for many companies that handle merchant accounts for millions of businesses in the US. In addition, there is the looming congressional credit card interchange regulation bills. Processors do not neatly fall into any category being regulated, so there is a lot of uncertainty in what’s going to happen if the bills are passed.

Businesses:

Not only are we seeing an increase in business closures, but we’re seeing a reduction in new businesses. Typically during a recessionary period, new businesses are started due to opportunities created by layoffs, pay cuts, and other reductions. Unfortunately, this is not yet the case, and new business start-ups are at an all time low. Even successful business are feeling the strain of reduced consumer spending. On the bright side, the extremely low gas prices are helping, but this is most likely temporary, as gas will eventually rebound.

It’s never to late to optimize your operations, reduce costs and debt, but always continue to market and find new ways to gain new customers, and keep the ones you already have.

Consumers:

Consumers are feeling the strain of reduced bank lending, and the reduction of available credit. When the new FICO system comes into affect, this credit reduction has the potential to destroy people’s good credit, since the new system relies very heavily on available/used balance ratios. This holiday has shown us just how bad things have gotten, just today consumer confidence ratings were recorded at an all time low.

The future

While I’m sure that we will come out of this slump, I fear that we have not yet seen the worst of it. My best wishes go out to anyone having a tough time right now, especially those who have been lay-ed off, lost their home, and those undergoing other very difficult circumstances. Things will get better, and many opportunities will come from our current situation, but if you’re waiting for one to come around, you may be waiting for a long time. We all need to continue to push forward, find and create our own opportunities, and help those around us that are experiencing difficulties.

Have a new year!


December 12th, 2008 by Jamie Estep

Way Systems way5000 coming soon

Filed in: 3rd Party Processors, Credit Card Equipment | 2 comments

We just got a sneak peak at the new way5000 wireless terminal.

way5000Way Systems created their own terminal instead of using a re-manufactured Siemens phone. While they technologically regressed in some areas, they made a better product that works for what it is designed to do, process credit cards. By designing from the ground up they were able to use a single keypad for PIN debit processing (Their old models had 2 keypads due to encryption requirements). New features include the ability to add additional processing applications. Once certified, the terminal will support check services and gift cards through some select 3rd party providers. There are also no longer any log in/out requirements to use the terminal, and it has the ability to install new firmware when it becomes available. The new terminal still works with existing Way Systems infrared printers, and can now be charged through a mini-USB port. It is now supported by Apriva and eProcessing Network which allows it to be used with just about every US processor.

This terminal should be available early 2009, and should be a vast improvement to existing Way Systems 1581 terminals. If you were looking at purchasing a Way terminal, it would probably be better to wait for the way5000. We expect it to be about the same price as the 1581.

You can purchase the way5000 terminal from our main website.


November 20th, 2008 by Jamie Estep

PCI Non-Compliance Fees Getting Much Worse

Filed in: Merchant Accounts | 2 comments

Just yesterday, I wrote about the increasing number of non-compliance PCI charges that processors are passing down to their customers. A few months ago several processors started adding monthly PCI compliance fees to their customer’s bill. We’ll, the PCI fees are getting a lot worse!

I reviewed a potential customer’s statement today and they had a $500 PCI non-compliance fee on it, which is by far the largest I have seen to date. Needless to say they were very upset.

Get Compliant:

It appears that these non-compliance fees are going to get much worse, very quickly. We’re getting a lot of pressure from sponsoring banks to impose similar fees, and so far we’ve been able to avoid them.

The point is, these fess are going to be the standard in the near future. If you’re not PCI compliant now, it’s time to look into it before your processor tacks a $500 fee on your monthly bill.

PCI-DSS is required for all US businesses that accept credit cards. For some businesses, there will be no additional cost for becoming compliant. For businesses the process online, or ones storing data, scanning can cost as low as $50 per year, which is a far cry from $500. Security is however, a lot more than just filling out a survey and scanning a server 4 times a year, as requires by PCI-DSS. Whatever the case, PCI-DSS is required by all card issuers, and needs to be adopted. I’m not going to argue whether PCI is fair for some of the businesses out there, but data needs to be secure for every business.

For PCI-DSS Compliance, Start Here: https://www.pcisecuritystandards.org/