Visa announced some months plans to take their company public in late 2007 or early 2008. I get about four questions a day asking if I know when Visa is going to go public. Here is my update on Visa.

Although Visa has still not named a date for their IPO, they have formally started the IPO process.

On June 22, Visa’s CEO John Coghlan resigned, as Visa hired Hans Morris from Citigroup to be the president of Visa through the IPO. The restructuring of Visa will include combining of Visa USA, Visa Canada, and Visa International, while Visa Europe will remain an independent organization.

My thoughts on the IPO:
I can’t see there being any chance of Visa’s IPO happening in 2007, so I would put it a few months into 2008 (Feb – Apr). Unfortunately, I think that Visa shares are going to be impossible extremely difficult to obtain pre-IPO. Looking at the success of Mastercard’s IPO, the fact that MasterCard shares have quadrupled in the past year or so, and that Visa has a much stronger pre-IPO brand than MasterCard, getting shares is going to be hard. Your best bet, unless you have million to invest, is to get into an investment group that is planning on bidding on a big chunk of Visa stock. Hopefully you can secure a few shares for yourself before the price explodes a few hours after the IPO.

The IPO’s impact:
It’s still unclear exactly how Visa’s IPO is going to impact consumers or businesses. On one hand, Visa will be concerned about public appearance, but on the other they are going to become a profit hungry monster, with a hand already in everyone’s back pocket. The other certainty is that some major companies (Walmart possibly) are going to be purchasing Visa stake in bulk. This will not only be one of the largest IPO’s in history, but could be the widest impacting public offering ever.

If you want to know immediately when Visa announces their IPO date, sign-up for the Merchant Account Blog’s RSS Feed. I will be blogging about Visa’s IPO as soon as I get information on when it is going to happen, or other changes.

This is the list of routers that Verifone has tested to work with the Omni 3740 and 3750 with IP processing capabilities. These two terminals should work with just about any hardware, but these have been tested to work by Verifone, and are some of the more common hardware that small businesses are likely to use.

Dial Routers: (You probably won’t ever need one of these!):
SMC Barricade 7004ABR and 7004AWBR
3COM 3C886 and 3C888

Ethernet Routers (Wired):
D-link DI-604
Netgear 614V2
Linksys BEFSR41 and BEFSRX41
SMC Barricade 7004ABR
Cisco 813, SOHO91, 2500, 2600

Ethernet Routers (Wireless):
D-link DI-624
Netgear 813V2 and 813V3
Linksys BEFW1154, WRT54G, WAP11 (Access Point)
SMC Barricade 7004AWBR
Microsoft MN-700
2Wire Home Portal 1700HW
Sonic Wall TZ170 and TZW

Related Posts:
Verifone Omni Ethernet and IP Network Setup
Convert an Omni 3740 or 3750 for Ethernet Processing

A few weeks ago Arkansas passed a law that would cap merchant account termination fees to $50, or one month’s minimum charge.

Download Arkansas Act 911 ^.pdf

This law was passed un-democratically “quickly” as the Arkansas congress drafted, and passed it without any notice to media, processors, banks, citizens, or even merchants until the law was written.

As far as the law itself, it mainly requires processors to be transparent in the contract length, and any termination or other fees that would be incurred if a business closed their merchant account before the contract was ended. It ensures that merchants can read the contract because it goes as far as setting a minimum font size for the merchant application. The law does not provide any protection for businesses in leases, or other equipment related recurring fees or charges. It also only applies to businesses signing up after July 31, of this year.

Overall the fee transparency is something that a lot of ISO’s need to address better. Capping termination fees without any input from processors is completely unfair, even though termination fees are often excessive. The law is trying to help businesses from getting scammed but because of some poor editing, it isn’t going to do anything.

Here’s where they went and messed the whole thing up:

(d) The foregoing provisions of this chapter do not apply to:
   (1) A state bank or a state savings association that offers a credit card processing service;
   (2) A national bank or a national savings association as defined 31 in 12 U.S.C. 1813, as it existed on January 1, 2007, that offers a credit card processing service; or
   (3) The parent, affiliate, or subsidiary of any bank or savings association that offers a credit card processing service.

Well, they effectively voided out this entire document with #3. Since every legal ISO is an affiliate of a bank, this law no longer applies to anyone, unless they are somehow providing services illegally, in which case they probably have other things to worry about. Someone obviously was mad, in a hurry, and forgot to do their research because it doesn’t take much see the conflict.

I guess that’s what happens when you pass a law without any public notice or input.

If you are in the process of, or have applied to accept credit cards for your business at some point, there’s a good chance that you found or were found by several merchant service providers. And chances are you based a large part of your decision on who to process with, from the processing fee. The processing fee, while important, is the most overrated and overvalued fee that a business can pay attention to.

Here’s why…

The majority of businesses are only going to process a few thousand dollars per month. While most of us fantasize about doing millions of dollars in sales each month, it just simply wont be the case, ever. Because of this invisible cap on sales, and the fact that every decent merchant account provider is going to have a similar processing fee, you will pay about the same amount in processing fees no matter what company you process with. However, the other fees that are associated with your merchant account can tip the scale between affordable and a complete rip off.

Just to clarify before I go any further, I always recommend businesses not shop based solely on price. However, those fixed and extra little fees that you weren’t told about up-front, ignored because they were really small, or simply didn’t understand, are going to have a big affect on what you will actually pay to accept your customer’s cards. When those fees are hidden or not disclosed, it’s a pretty good sign that you found a company that you may not want to do business with.

And now the facts:

Let’s say a company processes twenty thousand dollars per month, with a volume two thousand transactions (Average sales of $10). The difference between 1.69% and 1.75% over $20,000 is only $12. Not really anything to call home about.

Now lets say the provider with the 1.69% rate is charging $.25 for each transaction while the other is charging $.20. That comes out to a difference of $100 per month, which is probably something worth considering. A difference of $.01 per transaction will have more affect on the monthly cost than .1% in processing fees.

In this case: 1.69% & $.25 = 2.19% & $.20.

The processing fee in the second scenario is over 75% higher, but the cost is the same as the perceived lower rate.

When you start to add in things like $.05 AVS fees that you didn’t know about (You mean they charge me for that, and it’s required?), maybe a Watts surcharge of $.05 (what the hell is that?), and maybe even some fee listed in the miscellaneous section for $.05 (run away now…), the extra cost adds up really fast. You don’t even need to take into account things like downgrade fees, which can double your monthly bill, to see that little fees can make a huge difference at the end of the month.

My advice to anyone looking to accept credit cards, or anyone looking to find a new processor, is to stop looking at the huge distraction called the processing fee, and look at everything else you will be paying. Your books will be far better for it, and you will truly find out what kind of company you are dealing with.

I have to clear up some misunderstanding about what to do when you receive a chargeback.

So, you open your mailbox one day and see a letter from your merchant service provider. You open it and realize that it is a chargeback letter for a transaction that took place a few months ago, and upon examining the letter you notice the chargeback reason code is: 85. After looking up what this chargeback reason code means, you realize that it is because you forgot to issue the refund that you had promised the customer.

You log into your virtual terminal to find the transaction, and go to issue a refund. You might as well correct the situation now, since your customer is expecting their refund right? —- Wrong!

Once you receive a chargeback, you do not want to issue a refund to that customer. No matter if the situation was as described above, or if your customer is standing at your counter. When you get a chargeback, the money from that transaction is immediately withdrawn from your account. If you go and issue a refund now, you just paid your customer back twice. I know that refunding your customer is the best customer service that you can do, but if the chargeback wheels are already in motion, you need to go ahead and let the chargeback work itself out.

If you do issue a refund, and the customer was already reimbursed from the transaction, you need to contact your processor immediately and explain to them that you issued a refund. Since it takes several days for a refund to be completed, there is a chance that you can get your money back if you act quickly, but time is working against you. Once the refund hits your customer’s bank account it can be considerably more difficult, and many times impossible to get the extra refund back.

Once a chargeback is initiated, check to make sure that you had not issued a refund at an earlier time, and then follow the instructions on the chargeback letter. If you had already issued a refund on this transaction, let your processor know. I have seen Amex allow chargebacks on transactions that have already been refunded, and I’m sure that it has happened with other card issuers as well.

We just got a letter in the mail today, that American Express is requiring our business to maintain a rolling reserve on our American Express merchant account. This news came as a huge surprise since we have only had one Amex chargeback in the last two years, over thousands of Amex transactions.

As a business that uses a merchant account in addition to providing them, we like to experience everything from our customer’s points of view, but this is definitely one of those situations that nobody wants to be in. Amex makes up about 25% of our transactions, and a reserve puts a marked dent in our income.

Anyway, if you’ve had a similar situation to this with Amex or another merchant account provider please share it. I would love to see if this is an isolated event or if Amex commonly places reserves on large ecommerce businesses with clean history.

A week and a half ago, visa released a list of POS and other software programs that are storing prohibited data. Prohibit data is in reference to magnetic card track information, which Visa and Mastercard specifically prohibit merchants from storing.

These programs store prohibited data and must be replaced or patched for a business to be processing legally:

• ICVerify All versions prior to 2002, V2X and lower.
• Menusoft Systems Corp. All versions using DDserv.dll prior to V7.3.0350
• Micros8700 HMS: V1 – V2.11.9, V2.5 – V2.50.20, V2.7 – V2.70.14; 9700 HMS: version prior to V2.5; RES 3000: V1 – V3.1.2, and V3.2.0
• Posera Software Maitre’D Versions Prior to V2002, Prior to V2003 SP 11, and prior to V2005 SP 3.
• Radiant Systems Aloha: Prior to V5.3.15
• Southern DataComm (SDC) All versions of ConnectUp, All versions of PopsOn, ProtoBase 4.7-x – 4.80-x, and PbAdmin versions 4.01-x and 5.00-x

Businesses need to make sure that their POS system is properly patched. Radiant Systems Aloha, and Micros have a huge number of users, so it is very likely that many businesses using these systems may need to patch their current software.

Don’t neglect this!!!
Businesses with these software systems are especially vulnerable and will no doubt be targeted by hackers and thieves for the data that they possess. With full track data, a thief could potentially make exact copies of real credit cards, which is much worse than simply loosing card numbers.

Additionally, businesses that are not compliant risk having major fines assessed against them. If your business is using one of the POS systems listed above, immediately check to see if it needs to be upgraded.

I just got word that Verifone is making an industry wide increase on prices on many of the popular terminals that they offer.

My guess is that Verifone is tired of competing with themselves and is only making this increase because there is no competition that can stand up against them. Since Verifone owns Lipman as well, they have a complete dominance over the entire processing equipment market. Raising their price is a smart move for them because almost all equipment being used is theirs. It also sucks for business owners and equipment resellers as many terminals are going to nearly double in price.

Terminals that are going to go up in price in the next few months:

• Omni 3200SE
• Omni 3740 Dual Comm
• Omni 3750 Dual Comm
• Omni 3730/3730LE
• VX 570/VX 570LE
• VX 610
• Nurit 8320
• Nurit 292 Pinpad
• Verifone P250 Printer
• Verifone P900 Printer

There are also a few other increases on a few rarely used pinpads, and printers.

This definitely appears to be one of those situations, antitrust regulation were made to protect against. Unfortunately nobody paid any attention to an obvious monopoly in the making when Verifone purchased Lipman last year.

In the green sheet this morning, there was a good article about how credit card interchange is still under fire. Especially since some of the more signifigant updates with the interchange schedules this April (Visa adding a new category of cards), interchange is again under the microscope.

At least a dozen bills pending in state legislatures address topics related to interchange, according to the NCSL. Here’s a rundown of several key initiatives:

• Two bills introduced in the Florida state legislature would require refunds to merchants paying interchange on sales taxes.
• Legislation pending in Kansas would require that merchants have better access to information related to interchange rates. It also defines interchange fees for purposes of state law.
• A bill pending in Nevada would prohibit interchange on certain transactions.
• In Oklahoma, legislation has been introduced that would prohibit certain contract provisions regarding merchant transaction fees.
• Lawmakers in Tennessee are considering legislation that would cap at 0.75% all processing fees associated with credit or debit card transactions. The proposal would apply to contracts entered into with merchants by banks or their agents after July 1, 2007.
• Texas lawmakers have a bill before them that would require more transparency in disclosing interchange and related processing fees. A tougher bill, introduced and quickly withdrawn in March after a large consumer letter-writing campaign, would have allowed retailers to surcharge credit and debit card payments to cover processing costs.
• In Washington state, lawmakers want to restrict interchange to 1.5% of the total cost of a retail card transaction.

Now, I can completely agree that interchange needs to be more transparent. As far as showing how much interchange is paid, itemized for every transaction that a business processes, it may be a little excessive. Imagine a business that processes a million or even ten thousand transactions per month, have fun with that statement.

From what I read on a weekly basis, lawmakers and interchange activists often completely miss the concept of interchange, and therefor are not developing strong arguments in trying to get interchange reduced or even more transparent.

Here’s what I think needs to happen before any major interchange changes are made:

1. The first step in making any progress towards a more transparent and potentially lower interchange, is going to be a more widespread understanding of what interchange is and where the fees go. There is so much inaccurate information and opinions as to what interchange is, and what it is being called, that it is hard for anyone outside the industry to know what is fact.
2. There needs to be a much better understanding of who interchange fees actually are paid to (Most of interchange does not go to Visa or MasterCard).
3. There needs to be an understanding of what processing fees are, in relation to interchange. (Tennessee capping processing fees to .75% is going to do nothing but stop Tennessee businesses from being able to accept credit cards.)
4. There needs to be some understanding that the billions of dollars in equipment that makes up the processing networks costs billions of dollars to maintain. Also, Visa, MasterCard, all of the processing banks, ISO’s, MSP’s, and other organizations that are needed to actually provide the processing services, employ tens of thousands of people and can’t run for free. (Yes there are many overpriced organizations out there, and ones that are just trying to rip business owners off, but there are good ones too.)
5. Someone in congress is going to have to start caring before anything changes. Currently, there aren’t any congressman that have shown any remote interest in regulating interchange on a national level.
6. Card holders are going to have to stop getting cards with huge rewards programs. Interchange categories are based on rewards programs associated with specific cards. This is also the reason that interchange is so complicated and keeps getting more expensive. The more rewards your card has, the more that a business has to pay to process it.
7. Most Importantly: Consumers are going to have to take interest in what businesses have to pay to process their credit card. The sad fact of doing business in the US is that nobody really cares about how much a business has to pay for anything. If consumers started complaining about interchange, you can be damn sure that things would change quickly, but as long as consumers are happy with their super rewards cards, and they still want faster, more convenient ways to pay, interchange will go nowhere but up.

I was checking out this chronology of data security breaches this last weekend, and I realized that the amount of breaches that have occurred is absolutely amazing. Over 150 Million records have been compromised in the past two and a half years, and this number doesn’t take into account the fact that the number of compromised records for about 1/3 of the total number of breaches is unknown.

From looking at this we can observe a few solid facts about data security breaches in general. First, the three most common reasons for data to be compromised are lost and stolen laptops and storage devices, disgruntled employees, and hacking.

The Top five data security breaches are:
TJ Max (45.7M) – Massive long-term hack
CardSystems (40M) – Hacking of unencrypted data
U.S. Dept. of Veteran’s Affairs (28.6M) – Stolen laptop (No data has been used to date)
iBill (17.7M) – Inside
Georgia Dept. of Community Health (2.9M) – lost disk

These are breaches relating to banks and financial institutions:
CardSystems (40M) – Hacking of unencrypted data
iBill (17.7M) – Inside
CitiFinancial (3.9M) – Lost backup tapes
Bank of America (1.2M) – Lost backup tape
Wachovia, Bank of America (676,000) – Inside
Providence Home Services (365,000) – Stolen backup tapes
Mortgage Lenders Network USA (321,000) – Inside
Ameriprise Financial Inc. (260,000) – Stolen laptop
Ameritrade (200,000) – Lost backup tape
Fidelity Investments (196,000) – Stolen laptop
Iowa Student Loan (165,000) – Lost laptop while being shipped
Firstrust Bank (100,000) – Stolen laptop
People’s Bank (90,000) – Lost computer tape
MoneyGram International (79,000) – Hacking
Mercantile Potomac Bank (48,000) – Stolen laptop
J.P. Morgan (47,000) – Tape drive missing
PayMaxx (25,000) – Accidentally exposed online
Bank of America (18,000) – Stolen laptop
Premier Bank (18,000) – Stolen data
KeyCorp (9,300) – Stolen computer
North Fork Bank, NY (9,000) – Stolen laptop
Univ. of Michigan Credit Union (5,000) – Stolen documents
Chase Bank and the former Bank One (4,100) – Documents left in desk that was sold
TransUnion (3,623) – Stolen computer
AllState Insurance (2,700) – Stolen computer
Equifax (2,500) – Stolen laptop
Sovereign Bank (Thousands) – Stolen laptops
West Shore Bank (1,000) – Security break
Westborough Bank (750) – Inside
Ceridian Corp (150) – accidentally posted personal data on website
City National Bank (Unknown) – Lost backup tapes
J.P. Morgan Chase & Co. (Unknown) – Stolen laptop
J.P. Morgan (Unknown) – Information found in trash
Bank of America (Undisclosed) – Stolen Laptop
Bank of America (Unknown) – Internet by former contractor
Bank of America (Limited Number) – Stolen laptop
La Salle Bank, ABN AMRO Mortgage Group (2M) – DHL lost but later found backup tape
Wells Fargo (Unknown) – Stolen computer
M&T Bank (Unknown) – Stolen laptop
Matrix Bancorp Inc.(Unknown) – Stolen laptops
U.S. Bank (Small Amount) – Stolen briefcase
VISA/FirstBank (Unknown) – Visa card processor’s compromised data
Home Finance Mortgage, Inc. (Unknown) – Accidentally discarded files
Columbia Bank (Unknown) – Hacking

How we can stop all of this:
The current focus on data security seems to resolve around PCI / CISP compliance and keeping data protected and properly stored. In truth, not storing sensitive data on portable devices would do far more good. The biggest reason of data compromise is stolen or lost laptops containing sensitive information on them. Many of the stolen incidents were from a personal vehicle or their home. Five data loss incidents by a single company (Bank of America) is completely unacceptable. Companies, especially ones where trust is a huge factor (Banks) need to take a much more serious approach to securing information. Only three of these data losses at financial institutions were due to hacking. There really is no excuse for the rest of them.

The next thing that I find particularly upsetting is that a huge overall percentage of the laptops and portable storage related losses were from government agencies, and the majority of all losses happened at universities or other educational institutions. Our government and educational institutions are obviously not being cautious enough with personal information. I wont list all of these because it would take about 10 pages to get them all in.

The bottom line is that everyone needs to take some common sense precautions to data security. The newest two million bit encryption, and all the security in the world isn’t going to help when an employee looses a laptop with sensitive information on it.