The owners of Paymentech, JPMorgan Chase and First Data have decided to dissolve Paymentech into their own operations. JPMorgan will take 51% and the remainder will be merged into First Data.

Both companies have committed to a no-disruption transition so existing Paymentech customers (1Million+) should not see any major change in their processing service.

In a move to become more transparent from increased scrutiny over interchange, Visa has made their operating regulations available. Regulations are available for all regions of the world. The US has two volumes of regulations, for a total of about a thousand pages.

http://corporate.visa.com/pd/rules/main.jsp

Lately I’ve been hearing reports of processors that are starting to charge their customers $19.95 per month for not being PCI compliant. To fix this problem, these processors are requiring their customers to install some PC based scanning software that is supposed to magically make the business PCI compliant, thereby allowing them to avoid the monthly charge.

Let me start out by saying: This is a bunch of crap!

There is nothing that you can just put on your PC that will make your business PCI compliant. This is so far off course that it hardly can be related to PCI. PCI compliance is in reference to networks, computers, hardware and software that play a part in the processing, storage, or transfer of a credit card transaction.

It is now required that every business be PCI compliant, but let me assure you that there is no simple computer program that will do this for any business. Even if only a single computer is used to enter card data, it is unlikely that it is the only piece of the puzzle, and even more unlikely that a single piece of software can guarantee PCI compliance.

Steps to get compliant:

1. Determine whether you need to be PCI compliant. (If you accept credit cards, or play any part in the processing of a credit card, you need to be PCI compliant.)
2. Determine which Level of compliance is required for your business.
   • Level 1: Greater than 6 million credit card transactions per year or any business that has suffered a hack or data breach, or any business deemed Level 1 by card associations.
   • Level 2: 1 to 6 Million credit card transactions per year.
   • Level 3: 20K to 1 Million credit card transactions per year.
   • Level 4: Less than 20K ecommerce, or 1 Million total transactions per year.
3. Fill out the self assessment questionaire (SAQ).
4. Fix every area that you answered ‘NO’ to on the SAQ.
5. Hire an approved scanning vendor (ASV) to perform quarterly scans of any external networks. – All Levels
6. Fix and maintain any failed area of the scan.
7. Level 1 Only: Complete an annual on-site audit by a Qualified Security Assessor (QSA).
8. ** Continue to maintain security of networks and card information! **

Once you complete all of those requirements, and maintain a secure network and business environment, you are PCI compliant. Most of the details of PCI compliance can be found in the SAQ, and on the PCI Security Standards website.

If you’re trying to determine whether PCI compliance is worth it to you, consider this: A security breach will result in a business requiring Level 1 compliance. The cost for level 2, 3, and 4 compliance can be as low as a few hundred dollars per year. The cost of Level 1 compliance can easily reach into the 6 and 7 figures per year.

Some Good PCI Resources:
PCI Answers Blog
PCI Security Standards website
Visa Cardholder Information Security Program
MasterCard SDP Program

Nova recently changed their name to Elavon to create a unified global name. Nova has a better than most reputation in the processing industry, and it seems like changing a company name from Nova to Elavon is a brand suicide.

Anyone processing with Nova should expect to see their statements reflect the new name if it hasn’t been changed already. Other than the name change there should be no difference in service from Elavon.

Discover just signed an agreement with Citi to acquire Diner Club for $165M. Diners club is all but extinct, but this merger may bring some hope into Diners Club’s future. Since Discover is now settled along with Visa and MasterCard it’s possible that we will see the ability to accept Diners Club cards pushed to all businesses that currently process credit cards.

Press Release: Discover Financial Services to Acquire Diners Club International Network

Digital Transactions magazine has an outstanding article regarding current PCI standards. I highly recommend reading it to any business that processes credit cards and businesses that are involved with any step of a credit card transaction.

Download the March 2008 issue and check out the article “Once is not enough”.

Despite uncertainty and a poor market, Visa’s IPO went through yesterday raising about $18B, making it the largest IPO in US history, second largest in world history. The stock market got an additional boost yesterday as the Federal Reserve lowered interest rates again.

Trading starts today and Visa’s stock was projecting several dollars above the $42 IPO price before the market was open. But, it immediately jumped above $60 when the market opened.

Check out the Do’s and Dont’s of credit card processing if you need to get setup any time soon.

Please feel free to contact me if you know of something that should be on there.

Slamming is a situation in the credit card processing industry where a sales agent or an ISO will steal a merchant account from another processor.

This deceitful tactic has been observed in every area of credit card processing, from the retail to ecommerce. It is most common with smaller retail shops and restaurants, and seems to be especially prevalent in rural areas where business owners often have a first name relationship with their merchant account rep. Slamming has a negative impact of both the business that switched, the company whom they switched from, and the processing industry in general.

How slamming happens:
Picture this scenario. You own a clothing shop in a small town in Colorado. One day a person calls or walks into your business claiming he is with your credit card processing company and needs to update your terminal because of new security regulations. He tells you he works with your rep, Sam, who set up your merchant account initially. You know Sam and assume that he must have sent this person to correct your terminal. He has you sign some paperwork, he makes a few phone calls, messes around with your credit card terminal, thanks you and leaves… You’ve just been slammed!

At the end of the month, you get two bills for your credit card processing. One from the company you originally signed up with which is basically blank, and the other that has all of your transactions on it, but you don’t quite recognize the name on it.

What you didn’t realize when that person was reprogramming your terminal was that he worked for a different company, and he just switched you to his service. He knew your sales rep Sam’s name because most of the businesses in the area process through the same company and Sam is their rep. You may not have even signed an actual contract with him, but he got your signature and your terminal is programmed with his company. Although what he did was illegal, you now have two merchant accounts, and the second one is a complete mystery as to what you are actually paying, or who you are processing with. Unlike switching providers on your own, you didn’t need or want to switch, and you don’t know anything at all about the new company or what you’re going to get with them. Hopefully, they actually did setup you up with a real merchant account, but for all you know, this may have been some criminal that installed something to skim all of the credit card numbers that go through your terminal. Some ex-bankcard technician may be routing your money into their bank through a stolen merchant account. Just about anything is possible.

How slamming can hurt your business:

• You are now processing through a deceptive company!
• You almost always have extra fees, due to two accounts being open!
• You will most certainly have a termination fee!
• You can possibly be put on the TMF / Match file if you end your relationship with either company in a bad manner!
• There is a now huge potential for fraud and credit card theft through your business!

Simply put, any company that would con a business into using their service is not someone you want to be doing business with. This company just doubled any fixed fees you had because you have two accounts open now, and you most certainly have has an early termination fee that you will be required to pay when you realize you just got scammed. They have a termination fee, because there is a good chance your going to dump them once you realize what just happened. Apart from that, who knows what your fees are, what this company’s reputation is, if they are even a legal business, if you are going to get all of your money, etc. This is just a bad position to be in for a business.

Of course this is illegal and you can take recourse against this deceptive company, but lawyers are expensive, and this could become an enormous burden to fight. Additionally, it may be hard to track down who is actually responsible for doing this to you. Many businesses do fight and they usually win, but it takes time and money, which is why slammed businesses often stay with the new company.

How this hurts the merchant services industry:
Reputable service providers spend a lot of money to gain your business, and they spend a lot of money on staff, training, and equipment to support your business. It takes months and sometimes years for a processor to regain the cost of establishing a single customer. When merchants are stolen, it has the same affect on a processor that shoplifting has on a retail businesses. Profit margin’s sink, and it becomes harder to keep prices and fees where they are. On an industry wide level, it ends up costing all businesses more, because the lost revenue has to be accounted for somewhere.

Companies that slam are scum!
Slamming exists because some providers and reps find it easier to steal hard earned customers from honest companies than to provide a service worthy of gaining their own customers. The people doing the slamming are criminals and should not be trusted on any level. Businesses have gone bankrupt, been put on the TMF, have been locked into horrible contracts and paid thousands of dollars because of thieves that do this. There is so much risk to a business that gets slammed, only a true criminal would put an honest business into a risky situation that could cost them their business.

What to do if you’re slammed:
First off, do some research to find out who did it to you and when it was done. Usually someone showed up and either switched out your terminal, or reprogrammed your terminal claiming to be with your processor. More than likely an outside agent slammed you and not the company they work for. Luckily, this is the best case scenario for your business, because you can easily bypass the agent and deal directly with the company you are now processing through. Additionally, a sales agent that is out slamming businesses is a huge liability for a processor so they will be more likely to sympathize with your situation. You need to make sure that if you close this new account, you will not be charged a termination fee, and you will not be put on any sort of TMF/Match list. Depending on what you actually signed, it’s possible that it was a complete application. Whatever the case, you are the victim of fraud, and you shouldn’t have to compromise, even a penny! You also need to figure out what you want the outcome of this to be. You can go back to your original company, you can find a new company, or you can stay with the current one. Based on how your relationship got started with this new company, it’s probably a good idea to go somewhere else out of principal. If you do decide to leave your original provider, make sure you know if you are required to pay any sort of termination fee. Most likely your account with them is still open, so going back to them should be simple and painless, maybe taking only a few minutes to get your terminal reprogrammed.

If a provider slammed you themselves, you are in a stickier situation. Going straight to the bank they are registered to, or to Visa and MasterCard may be the best resolution. If you find that the cost is significantly higher, you may need to consult a lawyer or file a report with your police department. If you do decide to call them, go up the chain of command as high as you can. Even if the company is responsible, it was still most likely a rogue sales person that carried out the slam. Filling reports with the BBB can go a long way to getting their attention and getting out of their grip. Ripoff Report is another company you can file a complaint with.

(My Ripoff Report Advice: Only file a Ripoff Report after all other options have been exhausted! You should be 100% certain that you are filing against the correct organization, there is no chance of an amicable resolution, and you do not expect anything positive to further come from the company. Unlike a BBB report, a Ripoff Report cannot be undone, even by you, and they can be so damaging that there is little chance the company will deal with you any more at all. If you commit libel or slander, you should be prepared for for the full legal wrath of the company you reported. Enough said!)

Prevent it!
Don’t let anyone reprogram your terminal unless you are certain that they are supposed to and that they work with your current processor. Whether it is over the phone or face-to-face, make sure you know who is changing your terminal, because you just can’t know what they may be changing on it. Your money and your business’s very existence could be at stake.

Visa’s IPO which was predicted to be going off tomorrow (Tuesday, March 18th), may be pushed back because of the Bear Stearns casualty.

According to The Disciplined Investor “Unless the lead underwriters – JP Morgan and Goldman Sachs – are completely deranged and masochistic, Tuesday is not going to be the best day to attempt to bring history’s largest IPO to market.”

Banks, especially JP Morgan have a lot riding on the success of this IPO, so it would be reasonable to assume that they will indeed push it back to a day that will be much less volatile than tomorrow is predicted to be.