I rarely bring up specifics about another business on this blog, because I think it is unprofessional and simply irrelevant to focus on other business’s poor practices, but this warranted a break from my norm.

One of our agents was recently in the process of signing a customer up with a merchant account. The business they were talking to was already processing, but was somewhat unhappy with their current level of service and fees and was looking for someone better.

Another merchant account provider that was also trying to gain this business’s merchant account was Heartland Payment Systems. Heartland is one of the larger US based providers ranking at number six in overall volume in the US.

After a recent post on the merchant account services blog, I thought that this was a completely appropriate post about deceptive merchant account fees.

What happened:
Our agent quoted the business a rate of about 1.68% and $.19 per transaction for credit cards (For times sake, I’ll avoid the entire fee structure). Considering that the company was paying over 1.9% on their retail account, this was a significant decrease in price.

Now, while the rate that our agent quoted to this merchant was not the lowest that ever existed, it was a fair, and completely honest rate. What heartland quoted was not an honest rate, it was designed to deceive this business owner.

Heartland’s quote (exactly as written):

Well, sign me up while you’re at it, Heartland!!!

Lets not consider that interchange for this business over 1.6%, and $.10 per transaction, and Heartland’s Dedicated Local Service Manager never even visited this business.

Why is this rate deceptive?

This is called a pass-through or interchange plus rate, and while it’s not an extremely bad pass-through rate, it was presented in a deceptive manner. Basically, heartland passes the interchange cost to the business, and then adds their own fees to the rate. If interchange was 1.65% and $.10 per transaction, they add their .4% and $.10, to make it 2.05% and $.20 per transaction. Not much of a deal anymore, especially since the business was currently paying 1.9%, and not one place on the proposal mentioned that interchange would be charged as well. Earlier on the application the words: Fully Disclosed, Competitive Pricing, are in bold with an excellent paragraph explaining how Heartland doesn’t increase fees, and only passes interchange fee changes to the customer. They make a special point to let the business know that if interchange goes down, they also lower the passed fees as well.

How many times has interchange gone down? – Never!!!

What is really upsetting, is that the majority of business owners, would actually think they are getting a merchant account at .4%. Compare that to a decent rate of 1.7% and lets see who they go with. Heartland makes a ton of claims about their honesty, full disclose, even has a website http://www.merchantbillofrights.com/, but then sends this garbage to a potential customer, with no disclosure about interchange fees.

This is a completely deceptive proposal, and doesn’t even approach the concept of full disclosure. The app did have the interchange fees on it, but the proposal did not.

I wonder how many hundreds, or even thousands of businesses have been sold by this company based on this same deceptive fee structure.

Most businesses that accept credit cards online have become more aware of Payment Card Industry (PCI) security regulations like CISP, and SDP. What I find to be an interesting figure is that very little data loss actually occurs with online businesses.

Roughly 65% of all data security breaches occur at restaurants, the next largest group retail stores claim about 12%, and the remaining percentage is split between every other type of business out there including online. The simple truth is that with all the scrutiny over online businesses, card companies have failed to see the actual problem. It is retail businesses where employees and even customers often have direct access to sensitive data. Online businesses, even with poor security would require someone very knowledgeable in networking and computers to compromise their data. Any average Joe could obtain a credit card skimmer and use it at the restaurant where they work.

What this concludes is that somewhere along the line, card companies ignored where data breaches actually occur, and just decided to target all online businesses. Now everyone has to jump through hoops when for many there is absolutely no risk of a security breach because the information just isn’t there to steal.

Security is extremely important for all businesses, and protecting cardholders information is every business’s responsibility. Don’t store sensitive data if you don’t have to, and if you do, make absolutely sure you know how to encrypt and store it properly.

Also, if you use any custom made POS software system, you may want to check with the programmer that the system is not storing track data. If it is and you get caught, you can get up to a $100,000 per month fine until it is fixed. That is just a fine for storing the track data, not for an actual data breach which could be significantly higher.

Ebay has become one of the largest marketplaces for selling in the world. Actually getting money from an eBay auction can be as hard as selling something.

Here’s a quick overview of the different methods of payment you can consider for your eBay auctions.

Paypal:
Paypal is by far the easiest and most tightly integrated method of accepting payments on eBay. Paypal is automatically tied into the eBay checkout system, and Paypal is widely used by buyers. There is however a percentage of buyers and sellers that have bad experiences with Paypal, and wont use it. For this reason it is always best to provide at least one supplemental payment method for selling on eBay. But, buyers normally want to use Paypal to pay for auctions and from a sellers perspective it is wise to accept Paypal, even if you have had a negative experience with them. As crazy as this may sound, Paypal auctions almost always sell for much higher than an auctions where Paypal is not accepted. Even an automated credit card acceptance system does not offer a suitable replacement for the wide use of Paypal.

Credit cards:
Credit cards can be tricky to accept on eBay auctions, but are the second most desired method of payment next to Paypal. Depending on how many products you sell, manually accepting orders over the phone from eBay sales can be the perfect solution or simple impossible. There are a variety of pre-made systems that can integrate eBay with your payment gateway and merchant account, but these systems often add unnecessary extra fees to the already high cut that eBay takes. If you run a successful online business, I recommend hiring a programmer to develop an eBay checkout system for your auctions through your existing payment gateway. This creates a much more usable system, and eBay orders can be better integrated with website orders for inventory, customer service, and tracking.

Personal checks:
In my opinion, personal checks are the worst method of payment for eBay auctions that work well enough to consider. Checks are slow, they must clear a bank account, they are prone to bouncing and being lost in the mail, and they create a very poor user experience. With the exception of a few rare occasions, checks are not a convenient, timely, or cost effective method of payments for eBay. The money you save by not using Paypal or accepting credit cards, is most definitely more than offset by the lack of bids you get on your auctions. Nearly every bad experience I have had on eBay was a result of having to send or received a check.

Money orders & cashiers checks:
Money orders and cashiers checks are safe and effective methods of getting paid on eBay. But, they are slow as they have to be mailed by the buyer and deposited into a bank account before the auction item can be shipped. They are best used with high dollar auctions where it is essential that the seller is protected from any buyer fraud or frivolous chargebacks and disputes, and time is not of the utmost importance. For high dollar items, I recommend getting an initial deposit via Paypal or credit card, and accepting the balance by cashiers check. I would consider a high dollar item anything of about $2000 and up.

Cash:
I would not even consider sending or requesting cash through the mail. If you sell locally and are comfortable with meeting your customers, than cash can be a great method of getting paid for your auctions. For most of us, cash is rarely if ever a viable option. For those that do meet their customers, I would highly recommend taking appropriate precautions to protect yourself. If you do not have a business address, I recommend meeting your customers in a public place, not at your residence. Most likely you will never have a problem with a buyer, but it’s simply not worth the risk to you or your family.

Western Union:
Western union is not an acceptable method of payment for eBay. It is commonly associated with fraud, and a very high chance of someone getting burned exists with western union. I do not recommend using western union for auction payments at all. eBay also warns against it. Just don’t do it.

Other 3rd party checkout systems:
There are several other common checkout systems that can be used for accepting payments on eBay. Personally, I find most of these systems to offer a poor experience for a customer, but they are still used often enough to mention. Andale, Bidpay, Vendio, and USAepay are some of the commonly used checkout systems for eBay auctions. These systems have a hosted checkout process for your auction winners. They also help manage your existing auctions, shipping, and have a variety or reporting tools that help you keep track of all of your eBay affairs. All of these services have fees associated with different levels of their services, but they can help sellers that have a large quantity of items to manage.

Using a payment method that your ‘buyers‘ want to use is vital to getting the most out of your eBay auctions. It is important to provide at least two options for payment from your customers, and make it as easy as possible for your customers to pay. One of the largest contributors to a low quantity of bids on auctions is not accepting the payment method that buyers want to use.

There has been a growing attention to the credit card interchange system in the US, ever since Visa and MasterCard declared that they were going to publish their interchange fees. Another source of the growing curiosity is the huge surge in consumer and business interest relating to the fees paid for the ability to accept credit cards.

Visa released their interchange fee structure first, producing the 4 page table that many people in the industry have come to know. MasterCard released a similar but excessively long 72 page monster fee schedule soon after Visa.

Both of these papers make interchange into an improbably difficult web of fees and charges that nobody can easily understand. Even after several years of experience in deciphering them I have to admit that they are extremely complicated. Taking a look at who these fees are actually going to, and the fact that both Visa and MasterCard are now public companies, there are many professionals in the processing industry that are predicting it is just a matter of time before something breaks, and then something changes.

Why is interchange so complicated?

First off, the interchange structure was never meant for consumers to understand or even see. While I don’t advocate this idea, it was a fact until about a month ago until the interchange fee structures were officially released. In fact, it is specifically written in an ISO’s contract with Visa and MasterCard that they will not print or disclose actual interchange fees to the public or even to their customers. These fees were released almost completely unedited, and because of this it makes them difficult to understand from an outsider’s perspective.

The main reason that interchange is so complicated is the quantity of business types and acceptance methods that find themselves on the interchange tables. You have a variety of businesses, retail, keyed entry, quick service restaurant, business to government, ecommerce, gas station, and hundreds more all wanting to accept credit cards. Because fraud probability plays a huge role in the actual interchange fees, it is assumable that it is going to be a complicated structure based on the number of different business types and the fraud that goes with those types. Restaurants have a very low chance of fraud, while gas stations and ecommerce statistically have a very high chance of fraud. Visa and MasterCard decided a long time ago that low fraud industries shouldn’t be charged as much as the high fraud ones, and the list got really big over the years.

The Interchange Problem
The problem with the whole system is that Visa and MasterCard have a complete monopoly on credit cards, and that’s not something that is going to change anytime soon, if ever. Visa and MasterCard also control a huge amount of the physical networks that facilitate the transaction processing and the connections between different banks and processors. They currently have control in nearly every way imaginable over a credit card transaction through every step that it takes.

What makes the situation even more complicated, is that the banks that control Visa and MasterCard are also the banks that issue credit cards. These banks take the biggest cut of interchange fees, and they collect they collect the most from consumer interest on their credit cards. On every transaction they get paid from the business’s processing fees, and interest collected from the consumer.

So what’s going to happen?
What I would like to happen, is for Visa and MasterCard to drastically lower the interchange across the board. Processors can provide a better valued service to their customers, and businesses everywhere pay less to accept payments from their customers. Businesses are happier, and more money goes to their bank accounts, or back into their businesses to help further push sales and growth.

What I think is actually going to happen…
Unlike some industry professionals, and many rumors floating around, I don’t think that interchange is going to go down. At least not enough to make any major difference. The fee structures may get some formatting and clarification, but overall on the individual business level, I expect very little change as far as the overall cost of processing is concerned. As for processors, they may see some changes, but again, it’s unlikely that these events are going to drive interchange down. These companies are now in the business to make their shareholders happy, so going public was a step in the opposite direction of lowering prices.

Anti-Interchange Campaigning
There recently has been a major growth of anti-Visa/MC/Interchange websites aimed at bringing interchange to it’s knees, or at least down a few notches. Websites such as waytoohigh.com have been gaining some very widespread media attention. Waytoohigh.com is run by the two lead plaintiffs of a major class action lawsuit against Visa and Mastercard. While I admire their effort and completely understand their anger, I think that their are some major inaccuracies in their arguments, and in the end their efforts are going to be in vein. Trying to get things like interchange fees printed on every retail receipt, and attempting to shift the cost of interchange to appear as a consumer tax makes their argument come across as unprofessional and simply inaccurate to me.

Standardizing interchange could hurt many businesses
Your typical retail store or restaurant pays between 1.7% and 1.9% per transaction for their credit card processing, not counting downgrade charges. A website pays closer to 2.5%. By standardizing interchange, only one thing is going to happen. The high rate would be adopted by more industries, making credit card processing more expensive overall. I’m sure that every online retailer would love to see a 70% reduction in their processing costs, but it just isn’t going to happen.

When is the last time that you saw a public company cut prices to their consumers without getting something in return? Do you think that Walmart doesn’t know exactly what and where they gain when they make a sale that lowers their revenue? Do you think Google buys a video sharing website for billions of dollars only for the purpose of providing a useful service to their customers?

In the end there is no easy solution:
Visa and Mastercard don’t have to lower their prices, because there is nothing that they will gain from it. People will accept Visa and MasterCard as long as those systems remain the most widely used and convenient ways to pay for something.

Additionally, when Walmart won it’s lawsuit against Visa and MasterCard relating to debit card use, the interchange across the globe coincidentally went up .1% immediately afterwards. So, we can see how well it works in everyone’s favor to win lawsuits against the card companies.

I think that for any major change in interchange pricing to happen, it will take an act of congress. But, the question that remains in my mind, is whether congress would attempt to regulate something in an industry they have very little control over, that would impact the movement of billions of dollars every year, and the US economy in general?

The merchant account services blog, just came out with a guide on integrating a website with Authorize.net.

The guide is written for websites using PHP 5, Curl, and SSL to connect a website to authorize.net using the API method (Known as AIM with Authorize.net).

PHP 5 is required for this particular script. There are several PHP 5+ functions that will make the script completely incompatible with PHP 4. Unfortunately a good percentage of servers are still using PHP 4. Apart from that, it looks like this guide should be all that a developer needs to successfully integrate authorize.net into a shopping cart system.

I really like the feature where the script automatically retries a transaction 3 times if there is an error. This can be common with payment gateways, and it’s definitely not good to return an error or declined message if you absolutely don’t have to. The script also validates the card number using a simple version of the LUHN algorithm to verify the card number against a check-sum, in addition to performing basic card number and expiration date checks.

When it’s all said and done the script will return an approved, error or declined message for your customer’s transaction, and you can send them to whatever page or message on your website that you want.

This script is complete, but I don’t think that a new programmer should change anything they don’t understand, because they have the potential to open security holes if their programming gets broken. This is especially important since this script will transfer sensitive information across web servers.

There are a variety of free and paid scripts out there, but this one is written by a competent group of individuals that have extensive knowledge of payment processing, web development, and web security, so I highly recommend it.

Check it out:
Integrate the Authorize.net Payment Gateway with PHP

I have sold a lot on eBay, probably over $300,000 worth of merchandise over the past six years through my company’s sales and through personal auctions. Due to the nature of eBay I have accepted most of this money using paypal.

Recently I started few auctions on eBay and collecting payment through paypal. I haven’t sold much on ebay in several months. Paypal subsequently froze my account, and wont release he funds (We’ve all heard this story about one million times). This isn’t the first time it has happened to me with paypal. I had a lot of money frozen last year, which took a while to clear up, but I got my account un-frozen after a few days of sending documents to paypal. This time was a completely different story. I think that I may have had either a complete imbecile review the information I submitted, or maybe he was just having a bad day or something. But, Paypal wont un-freeze my account until I send them some documents that I don’t have, and cant get, and there isn’t anything else they will do for me. I understand risk, how to determine it, what situations are higher risk, and this is not one of those situations.

The irony behind all of this is that I run a division of a payment processing company. I have experience in risk management and underwriting, probably more than most of the people working in that department at paypal. I am selling tangible products. I haven’t even processed a large sum of transactions, under $5,000 total.
But, they don’t care.
They don’t care that my customers will back me up and let paypal know personally that my products were legitimate. They don’t care that I have a processing history with paypal of over $200,000 in past transactions without more than one or two frivolous disputes. They don’t care that I have processed over 2,000 transactions using paypal. They don’t care that my company is a merchant account provider that has been in business for 10 years. They just don’t care…

I see the question often whether companies like mine are worried about companies like paypal. The answer is NO. Not in the least bit. Not now, and probably not ever.

Paypal, you have a long way to go.

There are several ways that this situation differs from an actual merchant account. First off, this situation can happen with a merchant account, so don’t think that paypal is completely unique. The two main reasons would be, if a business processes a much higher total volume than what they stated on their application, and if they run much larger transactions than what they stated as their average on their transaction. The specific processing bank that a business is with also determines how much buffer they have to go over their predicted volumes.

Now for the differences:
With a merchant account, you can actually get a person on the phone within 5 minutes, or even 10 minutes. Paypal (-5). Secondly, you can usually talk to someone that actually has a clue about what is going on or at the least they will try to figure it out, and they will actually listen to you and not just look at a report that says ‘freeze’. Paypal (-5)
With a merchant accounts, your provider actually wants to keep your business, (Paypal -2) and they work with you to clear up the problem. (Paypal -1) You are given the benefit of doubt that this could possibly be just good sales. (Paypal -5) Paypal immediately assumes that you are a criminal and then works against you trying to prove you wrong. (Paypal -5)

The risk management business for merchant services is as strict and numbers based as any screening system I have seen, but it doesn’t touch upon the bureaucratic chaos that paypal operates.

Basically, paypal fails because the way they handle these situations. They fail to give you the support that you need, when they took the steps to freeze your account. At least make it easy to contact a real person to clear up the situation, or get some additional information. The only communication they accept is by fax. Lets be realistic here, last time I checked, fax was not considered a secure, efficient, or easy way to communicate with someone.

Finally, paypal needs to get some policies in place to help the people that they make their paychecks from when those people do get in situations like these.

Originally First Data released an initial price of the new FD-100 terminal to be around $200.

Sadly, I learned a few days ago that this was a completely incorrect initial statement. The actual price of the FD-100 is most likely going to be in the $400 – $500 price range.

To me this is quite a lot of money for a terminal that can only be used on FDMS processing platforms. Yes, the terminal does have a ton of features, but some like USB ports aren’t able to be used by the majority of peripherals. The original $200 tag was low enough that it made the terminal worth the cost despite the drawback of being proprietary. I imagine that the $500 version is going to be much more difficult to push into the marketplace, when terminals like the Omni 3750, Hypercom T4100 and a few Nurit terminals have the same features, at a lower price, and they can be used with any processor.

The original FD100 post

With the busiest shopping season for many retail and internet merchants right around the corner, businesses are prepping for the holiday chaos. The busy shopping season also brings the largest season for consumer fraud. Consumer fraud against merchants including ‘return fraud’ costs businesses billions of dollars a year.

With an estimated 3.5 Billion dollars of return fraud during this holiday season, it is very likely that most businesses will be affected by return fraud in some way.

What is return fraud?

Return fraud is when a consumer returns merchandise to a store, with a purpose other than a genuine return. I did some research on return fraud, and found a couple of main types of return fraud that businesses will see.

Returning multiple items on the same receipt is when a customer will return a quantity of an item on a single receipt, by making multiple copies of the receipt. They may purchase additional items at discount and then return them to another store with high prices using fake receipts.

Returning a lower priced item in a higher priced item’s packaging. This would occur when a customer purchases two similar looking items at a very different price. The customer would then put the lower priced item in the higher priced package, return it and keep the higher priced item for themselves.

Renting Stuff is a very common type of fraud for electronic and clothing retailers. A customer will buy some electronic device, or some piece of expensive clothing, use it and then return it. Businesses usually cant sell the returned goods for full price, and take a loss when they discount it. This is more common with higher dollar merchandise.

Stolen Merchandise Returns occur when someone tried to get a refund on merchandise that was stolen, often from the same business the return is taking place at. Employees may also steal merchandise and then have an acquaintance return it for cash.

Counterfeit Money actually tops the entire list of the most common form of return fraud, and can consist of fake checks, or counterfeit cash used to pay for merchandise, and then later the customer tries to return it for real cash.

Employee return credit fraud is one of the most common types of fraud that exists. An employee will issue a credit on their own, or a friend’s credit card through a business’s credit card terminal. This is often overlooked by managers or employers as it can appear as a legitimate refund.

How return fraud costs a business:

Businesses lose to return fraud in several ways. They may be buying merchandise that they never sold, or that was stolen from them.

Businesses may not be able to resell the merchandise that was returned if it were heavily used, or it was simply something that cannot be resold.

A business may be making a payment to one of their employees, or may be loosing money by accepting a deceptively returned product.

Ways to combat return fraud:

A business should have a very clear return and refund policy outlined for their customers, and they should stick to it. I think it should be fair, as there are situations where returns are completely legitimate, but strict enough to stop some of the fraud that is likely to occur.

Businesses should not accept returns without a receipt, and if they do decide to accept a return without a receipt, store credit should be issued instead of cash. Also, if a customer made a purchase with a debit or credit card, the return should always be credited to that exact card. This is also an important chargeback prevention measure. If a business gives cash and then the customer charges back a transaction, the business can lose the chargeback in addition to the money they already refunded.

Implementing a system that keeps track of returned receipt numbers will prevent fraud from copied receipts. For some businesses this may not be a cost effective option, but some system should be used to keep track of returns in the event that electronic means are unavailable.

Employee return credit fraud can be combated by having a business’s credit card machine or POS system to require a password or key to perform a return. Most credit card machines and POS systems can be setup with some type of security to prevent this type of fraud.

Return fraud normally occurs on Friday, Saturday, and Sunday.
Since these are the busiest shopping days, fraudsters go because there is a good chance that their return will be overlooked.

Who’s a target?
The biggest targets of return fraud aren’t necessarily large retailers, as these companies often have complex returning systems designed to prevent return fraud. Target now only allows two non-receipt returns per year, per customer, and many other super retailers are taking similar measures. Take the time to look at your current setup and determine if you are a possible target of return fraud.

Your customers make your business possible, but not every person who visits your store is doing it for legitimate purposes. It is always a good practice to make customers happy, but care should be taken that a business isn’t being taken advantage of in the process.

Well, I had to jump on the bandwagon even though I’m a little late.

Google released their custom search engine last month, and I have finally gotten around to making a merchant account search engine. So far I have compiled a search engine of a little more than 40 websites and pages around the internet that offer useful, accurate and relatively un-biased information about merchant accounts.

Check out the Merchant Account Search Engine.

Some of the sites that the search engine searches are this blog, the merchant account services . org website and blog, Visa, Mastercard’s Merchant Center, Amex, a few Wikipedia pages, most of the other blogs listed in my sidebar, several online discussion forums, and a bunch of other useful sites that I haven’t listed or talked about much here.

Let me know if you have a good resource related to merchant accounts or ecommerce and I will add it to the search engine. Any site will help as long as it is mainly an information resource, is accurate, free and is not a copy of something that I already have. The lineup is expected to change as some of these sites have way too much useless information that just clogs up the custom search engine.

I sell several thousand credit card machines through the company website each month, and one of the most common questions is regarding the warranty on a credit card machine, and how long will a terminal last. Verifone and Hypercom offer 5 Year terminal warranties (1 year on the printer) and Lipman offers a 1 year warranty on their terminals.

How long should a credit card terminal last?

A warranty for a credit card terminal will cover any manufacturer defects with the terminal. Luckily, 99% of the time any defects are found within a week or two of using a terminal, as something that is going to fail is almost always going to fail early on. Thanks to the lack of advanced electronics in most credit card terminals, they are extremely reliable and will operate for many years under normal conditions.There are many terminals in operation today that are over 20 years old. Early Tranz and Zon series terminals, which were originally manufactured in the early 80’s are still working strongly, and are probably the most reliable terminal that have ever been made.

As long as any manufacturer defects are discovered early on, the terminal itself can fairly easily last 6 years or more. The expected life on a credit card terminal from the manufacturer is normally about 100,000 hours. With less than 10,000 hours in a year, the lifespan of a terminal should be around 10 years. The main reason that terminals don’t last this long, is that they are heavily used, dropped, or abused which reduces their life. Things like spilling a soda on the terminal, or dropping it on the floor will almost always drastically reduce the life of a terminal, if it doesn’t break it completely.

Maximizing the life or your terminal:
For a short period of time, liquids or physical shock are the most damaging things to a credit card machine. Looking at a terminal over time, heat, dirt and debris will reduce the overall life of your terminal.

Keep the terminal clean and avoid spilling food and especially liquids on it. Try to keep it in an area where there is adequate airflow, and someone where it wont get bumped or dropped.

Heat kills electronic equipment, and some of the components in a terminal can get fairly warm. Over time this degrades the internal components of the terminal, and will reduce the overall lifespan of the electronics. Try not to keep the AC adapter directly next to the terminal as it is probably the hottest part of the terminal. Also, try not to put the terminal in the exhaust path of a cash register or computer as these can produce a lot of heat that gets blown directly into the terminal.

If you do spill a liquid on it, immediately unplug it and call you processor for cleaning instructions. Normally drying it out and cleaning some of the parts with a mild isopropyl alcohol and water solution will fix it, but contact you provider or you may void your warranty or break your terminal by improperly cleaning it. Also, some terminals have intrusion prevention devices that will cause your terminal to be inoperable if it is opened, so don’t actually disassemble your terminal. The bottom line is that if you spill something on it, unplug it and call your processor’s technical department.