Information on Merchant Accounts,
Ecommerce and Credit Card Processing

April 18th, 2006 by Jamie Estep

Processing Equipment Lease Cost Calculator

Filed in: Credit Card Equipment, Merchant Accounts, Tools |

I finally got around to programming another simple tool.

The lease cost calculator shows the total cost of leasing processing equipment, and also shows how much money you save by buying equipment outright. There are about 25 common terminals programmed into it, and the price for each terminal was taken from equipment that we sell or that one of our competitors sells. This way, I know that the piece of equipment is readily available at the listed price.

Processing Equipment Lease Cost Calculator


April 17th, 2006 by Jamie Estep

The History of Credit Cards

Filed in: History, Merchant Accounts |

Credit card history can be traced as far back as the 1890’s in Europe. Credit itself historically dates back to the 1700’s.

Credit cards were first used in the 1920’s in the United States, where individual companies such as oil firms and hotel chains began issuing them to their customers. These cards were proprietary, and were more similar to what we would now call a loyalty card. The Great Depression, followed by World War Two, created an enormous setback in the advancement of the credit card industry. The industry picked back up when the country was in a more stable condition at the end of World War Two.

The first issued credit card appeared in 1946, when Diners Club issued the Diners Club card in the United States. Diners Club cards were targeted at the restaurant industry, where patrons could pay with their card, which was billed by Diners Club. Unlike the proprietary cards of the 1920’s, Diners Club cards could be used at any restaurant that accepted them. Diners Club cards are still used today, although the number of people using them has greatly declined over the years.

In 1958, Bank of America and American Express both issued credit cards. These credit cards, the American Express Card and the BankAmericard, were the first bank issued cards, and their success was apparent almost overnight. In 1966, Bank of America allowed licensing of the BankAmericard to help spread the card, and to settle and collect on a widespread basis. BankAmericard was later changed to the Visa card to separate the name Bank of America from the name of the card.

Also in 1966, fourteen US banks formed an alliance called Interlink, which gave them the ability to exchange information on credit card transactions. BankAmericard had virtually an exclusive market share until 1967. In 1967, MasterCharge, now known as MasterCard, was created as a collaboration in response to the success of the BankAmericard. MasterCharge was made by 4 California banks, called the Western States BankCard Association.

Interestingly, both Visa and MasterCard were started as non-profit organizations. Visa and MasterCard issue credit cards through participating banks, which are for-profit. The Visa and MasterCard boards were run by high-ranking bank executives and were the governing bodies over the issuing of cards to their respective customers. BankAmericard was changed to Visa in 1976, and MasterCharge was changed to MasterCard in 1979.

In 1979, magnetic strips were added to the back of credit cards, in response to the creation of the electronic credit card terminal. The ability to process transactions electronically was another turning point in the evolution of the credit card industry.

See -> History of the Credit Card Terminal

By the mid 1970’s, banks had an unchecked power over issuing credit cards, and sending active cards through the mail was not an uncommon practice. During this time the government was forced to step in and regulate the issuing and collecting of credit cards. Again in 1995, the government was needed to regulate the amount and quantity of fees that banks could charge their customers. Banks changed penalty fees from $5 – $10 to $30 or more without precedent. Several court cases, including the Smiley vs. Citibank case, which went to the Supreme Court, caused the government to look closer at the practices of banks and their assessment of fees on their customers. Fees and interest rates, which are still rising today, are watched very closely by the government to help protect consumers.

Credit card issuing, collecting, and acceptance are now regulated by several government bodies including the FCC (Federal Communications Commission) and the FTC (Federal Trade Commission).

From the 1970’s through today, credit card issuing and acceptance have seen massive growth across the globe. Nearly every person in America has a credit or debit card of some form. Additionally in 2004, the use of credit and debit cards surpassed cash and checks as the most commonly used form of payment in the US.


April 12th, 2006 by Jamie Estep

The History of Credit Card Terminals

Filed in: Credit Card Equipment, History, Merchant Accounts | 4 comments

I have been searching around for several days now, and I can’t seem to find a decent resource as to history pertaining to credit card acceptance and the bankcard business. The next few posts will be a series of history related articles.

Credit card terminals which have a place on the counter of millions of businesses have a very short history. This would most likely explain why the terminals that are most common today are using technology that is 20 years old. Much like the military, credit card terminals base their technology on reliability and security. While new technologies can offer great security, these technologies have not been time tested and are slow to make their way into payment processing.

  1. Manual Imprinters
    • Manual Imprinters have been around since the beginning of a wide acceptance of credit cards. They are still widely used and are considered a great backup processing method when a business’s primary method is unavailable. Originally, merchants would imprint their customers’ cards and then mail their slips into their bank. This process was time consuming and did not offer the speed or instant transfer capabilities that are standard today. Using a manual imprinter now, merchants can call in transactions for instant approval. The transactions are now electronically deposited into a business’s bank account.
  2. Electronic Authorizations
    • The first electronic credit card authorizations were done over the phone, and often took upward of 5 minutes. Merchants had the choice of imprinting their transactions or calling in for an authorization. Because of the long waiting time for authorizing a transaction over the phone, many businesses opted for voice authorization only on larger transactions.
  3. Point of Sale Terminals
    • Point of sale terminals emerged in 1979, when Visa introduced a bulky electronic data capturing terminal. This was the first of credit card terminals as we know them today, and greatly reduced the time required to process a credit card. In the same year, MasterCharge became MasterCard and credit cards were replaced to include a magnetic information stripe.
      1979 was a turning point in the credit card processing industry.

    • Verifone:
      In 1981 a small electronics company started in Hawaii that we now know as Verifone. Verifone’s first contract was a 200 terminal order from Tymshare. In 1983 Verifone introduced the ZON terminal which was the first terminal that could be considered modern. The ZON series terminals set the standard for all credit card terminals, and are still being used by many merchants today. ZON terminals led the way for the Tranz series terminals and later the Omni series terminals from Verifone. To this day, Verifone has maintained their line of best selling terminals in the world. Verifone is the largest manufacturer of processing terminals in the world.
    • Hypercom:
      Hypercom is the number 2 market leader in processing terminals, and since its change to payment processing technologies in 1982, has been the main global competitor of Verifone. Hypercom through the years has manufactured a long line of reliable processing terminals, both in printer and printer-less form. The Hypercom T7P has been one of the best selling terminals in history, and the newer Hypercom T7 Plus is a steady competitor to any comparable terminal. Hypercom also manufactures the ICE series terminals, which are highly advanced and made to handle large customer processing applications, and which are being replaced by the Optimum series terminals. Hypercom’s Optimum T4100 is already competing as a worthy high-end terminal.
    • Lipman:
      In 1994 Lipman Electronic Engineering, Ltd. was established in Israel. Lipman quickly grew, and now has offices and distributors in nearly every country in the world. Lipman is the manufacturer of the Nurit line of processing terminals. Because of Verifone’s already firm place in the payment processing industry when Lipman was established, Lipman targeted an untapped niche in the processing industry. While Lipman holds about a 10% share in wired credit card terminals, they are the undisputed leader with more than 95% share in wireless processing terminals. Lipman has produced a variety of terminals since its creation, starting with the Nurit 2070. The most current models are the Nurit 8100 and the Nurit 8000. Of all processing equipment manufacturers, Lipman is the quickest to adopt new technologies into their processing equipment. Although Lipman is known widely for their wireless terminals, their land-line terminals are also some of the most popular and reliable terminals available. The Nurit 2085 is one of the widely used terminals in the US, and offers exceptional ease of use and reliability.
  4. Other Equipment Manufacturers:
    • Verifone, Hypercom, and Lipman are the big three equipment manufacturers, but there are other important companies that manufacture processing equipment. Thales, Ingenico, Schlumberger, and Linkpoint are a few of the larger companies. Apriva, Comstar, and eProcessingNetwork are a few of the smaller companies that specialize in wireless technologies.
  5. The Future:
    • Credit card processing technology has a lot of room for advancement. Increasing processing speed, reliability and security are driving forces behind processing technology advancement. While IP and WiFi based processing are just emerging, contact-less payments, biotechnology, and smart cards are just around the corner. The processing industry has a lot to look forward to, and will definitely be adopting new technologies in the near future.


Updated***

We have compiled a timeline of credit card terminal history.


April 10th, 2006 by Jamie Estep

How to safely Purchase a Wireless Credit Card Terminal

Filed in: Credit Card Equipment, Merchant Accounts | 8 comments

Wireless credit card machines hold the future of credit card processing. Wireless credit card machines offer businesses the ability to process credit and debit cards at virtually any location. There are several common pitfalls, not found with traditional credit card terminals, that a potential buyer can fall into if not careful when looking to purchase a wireless credit card terminal. Overpriced equipment, wireless coverage availability, and outdated equipment top the list of the most common problems found when purchasing a wireless credit card machine.

Common Pitfalls

Pitfall – 1, Overpriced Equipment
The most common wireless terminals in use in the US are the Nurit 3010, the Nurit 8000, and the Nurit 8000 GPRS. The manufacturer, Lipman, only makes one version of each terminal. The price for any of these terminals should fall into the $700 – $900 range for a new terminal. Anything higher and you are being ripped off. No matter what your provider tells you, this is how much you can buy these terminals for. There are no other versions of these terminals, so don’t be talked into an overpriced terminal.

Pitfall – 2, Outdated Equipment, Outdated Networks
It is often very easy to find a ‘very low’ priced wireless credit card terminal on Ebay or at other marketplaces. Many of these terminals use outdated processing networks, and what was a wireless terminal will no longer work for wireless processing. Many Nurit 3010 and Nurit 2090 wireless terminals use a network called the CDPD network. This wireless network is all but abandoned for credit card processing, and you will not be able to use such a terminal for wireless processing.

Make absolutely sure that the wireless terminal that you are buying is not one made for the CDPD network. If the seller does not know, or will not disclose what network the terminal is programmed for, then do not buy the terminal. In general, if the offer just sounds too good to be true, then it probably is. Also, many merchants that are selling their used terminals may have no idea what network the terminal operates on. Whatever the case, you need to make sure the terminal is not programmed for the CDPD network.

Pitfall – 3, Wireless Processing, Wireless Service Coverage
The ability to process anywhere at any time is a great asset for many mobile businesses. But don’t confuse the coverage area that your cellular phone gets with what is available for wireless processing. Wireless credit card terminals currently operate on three wireless networks: the Motient, Mobitex, and GPRS Edge networks. All three of these networks are considered business class networks that have much better data, speed, and security than traditional cellular networks. Wireless processing networks also have much lower coverage availability than cellular phone networks.



April 7th, 2006 by Jamie Estep

Accepting other payments on Ebay

Filed in: Ecommerce, Merchant Accounts |

Ebay and Paypal now seem like they were a match made in heaven. Paypal and Ebay started out as two different companies. Both Ebay and Paypal have grown very rapidly. After both Ebay and Paypal became well established, Ebay saw huge potential in Paypal and several other smaller 3rd party processing companies. Ebay did what any other corporate monster would do. They bought all of them.

Even though Ebay and Paypal work seamlessly together and Paypal is widely accepted, it is important for Ebay sellers to look at accepting other payment methods for their Ebay sales.

Why?…

I have done a significant amount of research in my selling on Ebay. I have three Ebay accounts, one personal and two business; all three are power seller accounts. In my experience, if you accept ‘only Paypal’ on Ebay, you are losing between 20% and 30% of your potential customers from Ebay. If you sell primarily business to business, you are probably losing a lot more than that.

Paypal is notorious for some of the worst customer service and poorest user experience of any online service, ever…

There is a huge population of people who absolutely refuse to use Paypal, under any circumstance. There is no middle line. Whether these people have gotten ripped off through Paypal, had their account held, or just don’t like Paypal, is irrelevant. The fact is that these people may want to buy from you, and while you may have the best prices or best service ever, you can’t have their business.

My personal belief in business, is that making the buying process for your customers easy and trouble free, is absolutely key to gaining new and keeping current customers. This extends into online sales and any other channel of sales and marketing that your company uses.

Give customers another option for payment:
Accepting credit cards is the best alternative to Paypal for Ebay sellers. Checks are also a good fit, but only if a business is able to accept the checks electronically over the phone or online. Cash is the least convenient method of paying online, and I wouldn’t even consider it as widely used on Ebay. Mailing in checks or money orders is time consuming, and offers very little protection from fraud. From time to time I still see sellers that only accept checks or money orders by mail, and I personally will not buy from them. If you only accept payment by mail, I pretty much guarantee that you will see a jump in sales if you switch to electronic payment. Apart from this, many people don’t factor in the time it takes to go to the bank, make a deposit, wait for it to clear, and, for checks, hope it clears. Time is the most valuable resource, and I know that everyone has better things to do than go to the bank, especially business owners.

Even if you need to have your Ebay customers call when they want to pay with a credit card or check, you are still providing your customers with the method of payment that they chose. Whether you believe the customer is always right or not, it is unarguable that customers make business possible. Make your customers happy by giving them the options that they want, and they will reward you for it.

There are of course integrated solutions that will allow your website to integrate your Ebay sales into it, and 3rd party checkout systems. While these systems are often very high quality, this often comes at a price that is too high for smaller Ebay sellers. For this reason, accepting Ebay payments over the phone is one of the cheapest and easiest methods available.

Paypal is so much cheaper:
Paypal is cheaper only when a business does an enormous volume of transactions. Otherwise, the fees for Paypal and the fees for a merchant account are very similar. Accepting checks electronically is normally cheaper than credit cards, and therefore cheaper than Paypal as well.

Paypal also does their best to remove customer and business owner’s rights when a disagreement does happen. Merchants on Paypal often have their accounts frozen for high sales volumes, and both sellers and buyers often lose as a result of fraud. This is another of the numerous reasons why people dislike Paypal.

Conclusion:
20% – 30% seems like a lot to me. That could easily be the difference between a successful business and a failure. These numbers may not prove exact for every person that sells on Ebay because of the vast difference in buyer trends with each type of product, but having tested losing 20% of business when credit cards are not an option is enough proof for myself.


April 6th, 2006 by Jamie Estep

SEO for Ecommerce Websites

Filed in: Ecommerce, Industry News |

I normally try to keep SEO separate from the realm of credit card processing, but this is a great article written by Bill Hartzer that details the importance of optimizing ecommerce websites. Ecommerce websites are often cookie-cutter OsCommerce and other dynamic shopping based sites, and this article can greatly help those sites to rank in the search engines. Even if you don’t run an OsCommerce website, this article is a must for anyone involved in ecommerce.

Bill Hartzer manages the Search Engine Marketing division of MarketNet Inc http://www.marketnet.com. He is also a fellow moderator of mine at the webproworld forums http://www.webproworld.com/forum.php.

If you run an ecommerce site, then you know that it’s important to make sure that your products show up in the organic search results ahead of your competitors-especially if your competitor is selling the same products. Optimizing your ecommerce web site for the search engines can be tricky at times, so we’ll examine what’s really required in order for your products to rank better than your competitor’s products in the organic search results.

Full Article


April 5th, 2006 by Jamie Estep

Payment processor fears credit card crooks

Filed in: Fraud, Industry News |

Several Web hosting companies that use the Authorize.Net service to accept credit cards online saw a sudden spike in transactions over the weekend. The transactions, most for $500 and $700, were billed to Visa, MasterCard and American Express cards that belong to people across the U.S., representatives for three Web hosts told CNET News.com.

The Web hosting companies discovered the unusual charges through e-mail alerts that Authorize.Net sends after each transaction. Close to 3,000 suspicious transactions were pushed through the merchant accounts of three companies with which CNET News.com spoke, and more likely happened at other Web hosts, these three companies said.

On Sunday morning, in about an hour-and-a-half time period, fraudsters ran close to 1,500 transactions through the Authorize.Net account of Defender Technologies Group, a Web host in Ashburn, Va., said Tom Kiblin, the company’s CEO. “It was just under $1 million that got put through on our account,” he said. Kiblin says he has reported the matter to the U.S. Secret Service.

This sounds like a really bad credit card fraud case, but looking at the situation positively, the business caught the huge amount of fraudulent charges before it became an even bigger problem. If these credit card numbers were obtained from a single source, there should be very little trouble finding where the data was lost. Visa and MasterCard have systems dedicated to tracking down the source of a loss of information, by matching similarities in charges on different credit cards.

Full Article – http://news.zdnet.com/2100-1009_22-6057305.html
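
The spike described in the article (close to 1,500 charges in about an hour and a half, mostly repeated amounts on many different cards) is the kind of pattern a merchant-side velocity check can flag without waiting for someone to read per-transaction e-mail alerts. The following is an added example, not code from the article, Authorize.Net or this blog; the record layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import Counter, deque
from datetime import datetime, timedelta


def detect_bursts(transactions, window=timedelta(minutes=10), max_count=25,
                  min_distinct_cards=20, top_amount_share=0.8):
    """Return one summary dict per burst found in `transactions`.

    `transactions` is an iterable of (timestamp, card_token, amount_cents)
    sorted by timestamp. A burst is a run of charges during which the
    trailing `window` holds more than `max_count` charges, spread over at
    least `min_distinct_cards` cards, with the two most common amounts
    making up at least `top_amount_share` of them. All thresholds are
    assumed values and must be tuned to the merchant's normal volume.
    """
    recent = deque()      # charges inside the trailing window
    bursts = []
    current = None        # summary of the burst in progress, if any
    for ts, card, amount in transactions:
        recent.append((ts, card, amount))
        while ts - recent[0][0] > window:
            recent.popleft()
        # Recomputed per charge for clarity; fine for one merchant's volume.
        cards = {c for _, c, _ in recent}
        amounts = Counter(a for _, _, a in recent)
        top_two = sum(n for _, n in amounts.most_common(2))
        suspicious = (len(recent) > max_count
                      and len(cards) >= min_distinct_cards
                      and top_two / len(recent) >= top_amount_share)
        if suspicious and current is None:
            # First trigger: everything already in the window is counted.
            current = {"start": recent[0][0], "end": ts,
                       "count": len(recent),
                       "total_cents": sum(a for _, _, a in recent)}
        elif suspicious:
            current["end"] = ts
            current["count"] += 1
            current["total_cents"] += amount
        elif current is not None:
            bursts.append(current)
            current = None
    if current is not None:   # data ended while a burst was still running
        bursts.append(current)
    return bursts


def baseline_transactions(day):
    """Constructed normal traffic: one small hosting charge per hour."""
    fees = [995, 1995, 4900]
    return [(day + timedelta(hours=h), f"cust-{h}", fees[h % 3])
            for h in range(24)]


def sample_transactions():
    """Constructed data: the baseline plus 300 charges, one every 4 seconds,
    alternating $500 and $700, each on a different card token."""
    day = datetime(2006, 4, 2)                     # constructed date
    start = day + timedelta(hours=3, minutes=30)
    burst = [(start + timedelta(seconds=4 * i), f"card-{i}",
              50000 if i % 2 == 0 else 70000) for i in range(300)]
    return sorted(baseline_transactions(day) + burst, key=lambda t: t[0])


if __name__ == "__main__":
    for b in detect_bursts(sample_transactions()):
        print(f"{b['start']} to {b['end']}: {b['count']} charges, "
              f"${b['total_cents'] / 100:,.2f}")
```

The count includes any legitimate charge that lands inside the burst, so a flagged range is a starting point for review and voiding, not a list of fraudulent charges.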


April 4th, 2006 by Jamie Estep

A Guide to Small Business Security, Free PDF Download…

Filed in: Ecommerce, Fraud, Guides, Merchant Accounts, My Favorite Posts |

The BBB has co-authored a guide to help small businesses be secure and to help protect user privacy. This is an excellent guide for any small business. It was sponsored by Visa, IBM, Equifax, Verizon, The Wall Street Journal, Ebay, and Paypal. We support and recommend these practices in every way.

Small Business Security

Please click on the link to view the PDF, or download the ZIP version to your computer.
Guide to Small Business Security PDF
Guide to Small Business Security ZIP Download


April 3rd, 2006 by Jamie Estep

CISP, SDP, PCI Compliance required for every business…

Filed in: Ecommerce, Fraud, Merchant Accounts, My Favorite Posts |

SDP / CISP / PCI is a standard that many businesses must adhere to in order to help protect consumer data. CISP (Cardholder Information Security Program) is a Visa security standard that is designed to help protect all levels of business from fraud and loss of data. MasterCard has a similar program called SDP (Site Data Protection). CISP / PCI is a standard that is designed to help secure and protect sensitive data specifically relating to the payment card industry. CISP compliance extends beyond online businesses and applies to Retail (brick-and-mortar) and MOTO (keyed entry) businesses in addition to ecommerce. CISP compliance is outlined here rather than the SDP program because it is more restrictive and better organized.

PCI / CISP is designed to be implemented by any business that accepts or facilitates credit card transactions or handles sensitive credit card and user information. Businesses that do not store or handle credit card information are not subject to CISP regulations.

Visa: Note that these Payment Card Industry (PCI) Data Security Requirements apply to all Members, merchants, and service providers that store, process or transmit card-holder data. Additionally, these security requirements apply to all “system components” which is defined as any network component, server, or application included in, or connected to, the card-holder data environment. Network components, include, but are not limited to, firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Servers include, but are not limited to, web, database, authentication, DNS, mail, proxy, and NTP. Applications include all purchased and custom applications, including internal and external (web) applications.

PCI / CISP Basic Requirements:

  1. Install and maintain a firewall configuration to protect data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored data.
  4. Encrypt transmission of card-holder data and sensitive information across public networks.
  5. Use and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to card-holder data.
  10. Track and monitor all access to network resources and card-holder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.

If you read the full CISP manual, you will find that each requirement is broken into several sub-requirements. CISP attempts to leave no stone unturned and no margin for error.

How To Implement PCI / CISP:
Most of the CISP requirements are simple common sense. CISP is heavily geared toward websites and other easily accessible systems where there is a huge potential for a loss of sensitive data. Many of the technical issues are very complex and the requirements are very strict. I have helped to secure several web servers for CISP compliance, and to say that the requirements are strict is a gross understatement. Not only are there basic firewall and network infrastructure requirements, but there are hundreds of update, software version, and patch requirements that must be met for a web server to be CISP compliant. A single missing software version update or patch, or a single compromised web port, will cause a server to fail CISP compliance.

To start on the road to compliance, look at the Visa PCI / CISP PDF linked at the bottom of this document. All of the requirements for CISP compliance are listed there. After you meet all of the requirements, you will need to work with a company that certifies businesses for CISP compliance. They will normally perform a series of checks on your server, and give you the results of their inspection. The checks that they perform are essentially an attack on your web server, and they will try to exploit any known vulnerability. They also check the software and current versions of several applications on the server, making sure they are all up to the current version. You can also start by running a scan and fixing whatever areas are not up to standard.

A Warning: Make sure your web host knows that you are going to be doing these tests, or they may mistake them for a true attack.

CISP non-compliance and loss of data penalties:
The fines for not complying with CISP are low, up until there is an actual loss of data. Visa and MasterCard can shut down or fine non-complying merchants, but due to the current lack of organization and the impossibility of monitoring every business and organization, larger companies are the only ones who are currently monitored. It is the responsibility of a business to ensure that it takes the steps to become CISP compliant. If a business is not CISP compliant and a loss of data occurs, there is a $500,000 fine from Visa alone for losing data and an additional $100,000 fine just for not being CISP compliant. That is $600,000 for not becoming CISP compliant and losing data because of it, and this applies to any business that accepts credit or debit cards. A single credit card number that is lost and is traced back to a business is considered a loss of data.

Apart from the monetary penalties, it never looks good when a business loses data. News agencies jump on these stories, and instantly make a business look like a criminal organization. I’m sick of reading about them, and I’m sure you are as well, so protect your data.

Overview:
I personally don’t recommend storing credit card numbers at all in an online database. Not only is the CISP compliance very difficult to achieve, but it just isn’t a safe practice. If card information is stored online, it must also be encrypted so that if there is some sort of data loss, the data will be useless. Even with CISP compliance it is still possible for someone to gain access to a server. No matter how secure something is, there is almost always a way for the system to become compromised. Also for retail businesses, employees are one of the largest causes of loss of data. Card information should only be accessible by select people that need access to it.

PCI / CISP Resources:
Visa CISP / PCI Compliance PDF
ScanAlert – PCI CISP Certification

Related Articles:
Credit Card Truncation


March 31st, 2006 by Jamie Estep

CardSystems Security Breach Settlement

Filed in: Industry News |

CardSystems gained notoriety last year when they experienced the largest loss of financial and credit card data in history. As many as 40 million credit card numbers were compromised after CardSystems’ database was hacked. The database was apparently unencrypted, resulting in a potential total loss of customer information.

CardSystems was acquired by Pay By Touch shortly after the incident and CardSystems’ subsequent breakup. Pay By Touch must now implement a third-party managed information security program for the next 20 years.