No doubt that thoughtful security planning prevented the loss of credit card or financially sensitive information. However, it doesn’t really lessen the reality that the repercussions from the Zappos breach could be huge. Does data security go far enough if we accept that personal information is completely acceptable to be lost as long as financial information is not?

With the amount of personal information that was obtained in the Zappos breach, the thieves have a very lucrative marketing or hacking information package.

On the marketing side

Companies pay a lot of money for targeted marketing lists like the one that Zappos inadvertently provided. Let’s see, here’s a list of 24 million people that definitely buy things online, most likely shoes or clothing items, FIRE AWAY…

This information is a telemarketer or direct marketer’s dream, and they can target these known shoppers via phone, mail, and email.

On the hacking side

I can almost guarantee that Zappos customers are going to receive an onslaught of highly engineered spam, viruses, offers, and everything else to their emails. At the same time they are going to start getting physical spam, and scam offers, and probably are going to see telemarketing scams as well. There’s really no limit to how the information can be used for malicious purposes. Scam companies and hacking groups trying to install mallware and spyware are extremely efficient and proficient at developing well planned attacks on unsuspecting users. There are millions of computers called zombie computers because they are being used to send spam and other malicious activities without the knowledge of their owners. Expect some more.

As to the encrypted passwords. Websites typically use 1-way hashing mechanisms for password storage. This means that the password is encrypted, but cannot be decrypted by any reasonable means. The caveat to this is that if the hacker knows how the password was hashed, they can create a huge list of hashes and compare them to find the original. This is a very targeted attack, but with 24 million passwords it’s worth a lot of effort. They will begin finding real password very quickly if they discover the hashing mechanism. Since many users do not use unique passwords between websites, the direct loss from being able to log into user’s bank accounts, or other websites will be significant. I always recommend using a unique password with every site you log into, and use a password manager like roboform.

The reality

The reality of this situation is that Zappos is owned by Amazon.com. I can guarantee that Zappos has some stout security in place, and yet one of the largest, most tech oriented companies on earth, just had a data loss of 24 million records. This tells me that that standards we have in place for protecting data, especially non-sensitive data, are not enough. We should not just be protecting financially sensitive data, but all customer data. Sure there may be no direct cost in replacing bank cards, or obtaining new bank account numbers, stopping checks, or posting chargebacks, but the effect to the customer when you lose their data can be remarkable. We’ve yet to see the actual damages that this breach causes, but with the sheer amount of information out there, there could be substantial damages.

Please read up and understand the implications of what this bill will do. There has never been a more 1984esque bill to be taken up by both houses of congress. It is absolutely ridiculous that our country would go this far just to help the massive media corporations under the veil that they are doing it for the good of the people. While supportable in concept, this is one of those “the road to hell was paved with good intentions” bills in what it will actually do.

Please contact your congress person and oppose this bill.

The API supports different logos for card issuers, paypal, google checkout and a few other. A developer can use the API to specify the size, background color and the order of the logos that they need on their website.

Update 08-2011 – Added ebillme and 2checkout.com logos.

Here’s a quick tutorial and a few examples of how to use the API.

1. Create an image tag with the root url: https://www.merchantequip.com/image/
2. Next add the bgcolor parameter to specify a 3 or 6 character HEX background color for your logo. If you do not know the background color: FFF is white, 000 is black. Here is a full HEX color chart. There are also a variety of browser addons if you need to match the exact colors of your website.
3. Next specify the actual logos that you would like to add to your site, in the order you would like to display them. Separate the logos with a pipe | character. Example: v|m|a|d for Visa then MasterCard followed by Amex and Discover.All of the available logo codes are:
   • v = Visa
   • m = MasterCard
   • d = Discover
   • a = Amex
   • g = Google Checkout
   • p = Paypal
   • bml = Bill Me Later
   • ec = eCheck
   • jcb = JCB
   • dc = Diners Club
   • s = Solo
   • me = Maestro
   • mb = Moneybookers
   • az = Amazon Payments
   • in = Interac
   • ebm = eBillme
   • 2co = 2checkout.com
4. Finally specify the height of the logos. The images currently come in 32px and 64px, so size accordingly allowing for a small margin around the images. We will be allowing for dynamic resizing in the future, but for now the only 2 sizes supported are 32px and 64px. Any additional height will be added as a margin.

The actual image url should look like (these are all generated through this exact API):

https://www.merchantequip.com/image/?bgcolor=FFFFFF&logos=v|m|a|d&height=32

The image HTML will look like:

<img src=”https://www.merchantequip.com/image/?bgcolor=FFFFFF&logos=v|m|a|d&height=32″ />

The logo above will display as:

Here’s the same logo using the larger image sizes:

Here’s all of the currently available logos:

While this tool is free to use we greatly appreciate a backlink or credit if you are using images that are hosted through the API. These images are all served securely over SSL, so they may be used on secure/SSL websites and ecommerce sites without errors.

If you have no idea of what an API is or just need logos for your website, please use the credit card logo generator and ignore this post.

Thanks again.

An Overview

Some time back, the IRS decided that they wanted to see a report of all the money that a merchant processes through their merchant account over the year.

While this is a nearly useless number because as we all know, most businesses also accept cash, checks, and other currency, it will in theory catch the most egregious tax evading businesses. Basically, the few fractions of a percent of businesses that grossly cheat on their tax returns “could” get caught. Regardless of the absurdity of requiring the entire country disclose their processing volumes, here we are…

Now for this to work, your processor has to file a 1099 form with the IRS. This is a seemingly simple task. However, for this to actually work, your business information with your processor must exactly match what the IRS has on file. This includes business name, address, your tax id, etc. Things as simple as capitalized letters, a single space, and punctuation will cause a mismatch. You get a new tax id after opening up a merchant account. You signed your application with only your SSN and not your tax id number. Things like this will cause errors. Since it’s rare that merchants fill out their merchant applications with the exact same business information, with the exact same capitalization, and spaces as they do when they fill out their tax information, and nothing changes with their business-IRS relationship, it’s fair to say a lot of tax reporting information will not be valid.

So, what if the tax information is not valid?

So, here comes the nasty part. The IRS mandates that your processor will withhold 28% of all credit card payments until the errors are corrected. Yes, 28% of all of your credit card sales with be held until you fix whatever information is incorrect. And, even if you fix the problem, you wont get that 28% back until the end of the year.

More fees

Most likely you have or will receive notice that you are going to be charged for the work required to verify and prepare this massive undertaking. I’ve seen everything from several hundred $ per year, to a few $ per month. The reason you are being charged this fee is that it actually requires a lot of work to verify and prepare one of these documents for a merchant. Processors often have thousands, or tens of thousands of merchants, which translates into thousands of man hours in just the initial verification, not even taking into account contacting every merchant that has errors to obtain the correct information. If you didn’t authorize e-file for your 1099, your processor needs to mail you a physical form.

Exceptions

The exceptions to the filing requirements are:

1. a merchant’s total payment transactions for the year does not exceed $20,000, and
1. the total number of transactions does not exceed 200

In which case your processor will not need to file a report. This may consist of a good percentage of businesses out there, but most full-time businesses process more than $20,000 per year.

Conclusion

It’s unfortunate that the reporting regulation was ever passed. It’s a useless piece of legislation that creates a lot more work for small businesses and it’s unlikely that the reporting will catch any but the worst tax offenders. But, it’s passed and taking effect and there’s not much any of us can do about it at this point. No matter who you process credit cards with, keep a close eye on the mail and your processing statements for instructions on how to verify your information. My recommendation is to take it very seriously to avoid the 28% withholding.

The past month has brought monumental changes to the payment processing industry.

Mobile frenzy

Mobile payments seem to be on the fast track with just about every tech related company steaming ahead at trying to be the first with a workable and widely adopted mobile payment method. Even Google has jumped in, despite Paypal’s arguments, and hopes to be a major player in mobile payments. If the Google Checkout service is any indicator of Google’s success in mobile payments, they simply aren’t going to make it. However, with their success in the mobile android operating system, and their already massive relationship with businesses, Google may have a chance at something.

Debit Interchange Regulation

The biggest news of the month, is the regulation of debit interchange. After fierce battling for more than a year, debit interchange is to be regulated to $.21 per transaction and .05% per transaction. As written, this applies to all debit card transactions, PIN or signature as well as Ecommerce/MOTO transactions. It’s not entirely clear when and how this will take effect but stay tuned over the next months.

The biggest winners in this regulation are once again the super retailers who process millions of transactions per year. Small and medium size merchants can expect savings, but it will not likely be anything as monumental as the Walmart’s and Amazon.com’s out there. There’s going to be a lot of misinformation flying and aggressive marketing over the next year as many processors will take advantage of the turmoil, misinformation, and instability in the merchant account industry. I would strongly suggest exercising caution in anyone making sensational claims about lowering your rates. Major industry changes offer the greatest opportunity to get scammed into a bad merchant account. Just remember that almost every processor has roughly the same hard costs, so if they are unrealistically lowering fees in one place, they have to make them up somewhere else.

Expect major checking account changes

As a result of banks losing roughly 50% of their revenue from debit cards, we should all expect drastic changes to our personal and business checking accounts over the next year. I know that all of my business and personal debit rewards have been canceled over the past 3 months. I think that debit rewards are the tip of the iceberg, and we should expect changes in debit and checking account fees and overall debit availability over the coming months. Some smaller banks have rumored that they will be dropping debit cards completely, so it will be interesting to see where this all ends up a year from now.

It’s a mute point to argue my position on the interchange regulation at this time. Retailers may be chocking this up as a victory, but don’t start celebrating yet. This regulation may seem like a small amount. Personally I think this regulation will change the way we do banking in the US, and could very well effect the entire retail economy, not necessarily in a good way. The next few years will give us a better picture of what these regulation have done to the retail industries and checking accounts.

About a year ago one of the founders of Twitter and some other talented business persons came up with a mobile payment method called square. Square is a very tiny card reader that attaches to the audio port on a smart phone. It’s truly a clever little device that utilizes an existing port that just about every phone has. Merchant’s can sign up with Square without any fee and just about instantly process. Because of the ease of setup, there’s been some angry customers with money held, but something like this should be expected as the services operates on a similar model to Paypal. Square got some quick funding, and went off to the races faster than any payment related service in history. However, there’s a problem…

Unfortunately, Square also introduced one of the most efficient and low cost methods of creating an advanced credit card skimmer. When you sign up with Square’s processing service, you get the square for FREE. That’s right, for free you can turn your iPhone into a credit card skimming device. Thieves don’t even have to pay the $50 or so for a skimmer anymore, they get one for free. Not only is Square efficient and free, but they’ve already distributed hundreds of thousands of these little skimming nightmares all over the US.

A criminal signs up with Square, obtains the dongle for free and creates a fake Square app on his smartphone. Insert the dongle into the audio jack of a smartphone or iPad, and you’ve got a mobile skimming device that fits in your pocket and that can be used to illegally collect personal and financial data from the magnetic stripe of a payment card. It’s shockingly simple.

There are 2 major problem with the Square hardware.

First, the square device does not encrypt data being transmitted between the reader and the phone. This could easily leave the service open to a targeted attack where other software could read the card information when it is being transmitted between the reader and the phone. This sort of issue may never be a major problem as it would take very specific software or a compromised phone for this flaw to be taken advantage of. However, it still remains a security possibility, one that cannot be overcome without updating the hardware completely.

Second, since the hardware has no encryption or secure link between it and the phone/square service, a programmer could easily write a program that would simply record the card information onto a database or file on the phone. This is the main problem that Verifone and many others are up in arms about. With the large memory cards that are commonly found in phones, a thief could theoretically store millions of card numbers on their phone. Additionally, since just about everyone has a cell phone, it is considerably less conspicuous for a thief to skim cards with a phone than with the dedicated skimmers which look something between a pager or a magnetic card reader you would see attached to a computer.

This morning, VeriFone launched an entire website dedicated towards bringing down square. While VeriFone is a direct and probably the largest competitor of Square with their PayWare Mobile App, they have quickly illustrated not only that the square can be used for skimming, but that there is software that can already be used with the square hardware.

The problem now is that there are tons of these square credit cards readers all over the place, so the damage has already been done. At this point there’s literally nothing that can be done to prevent skimming using square devices. There’s even applications for blackberry and android that already work with the square hardware even though it was designed for the iPhone and iPad. I think that this sort of hardware is a perfect example of what happens when a company pushes software or hardware without putting enough in the research in how to make it secure. There’s more than 1 way to steal a credit card number…

With the amount of focus on PCI and data security of the last 10 years this is a blatant disregard for the most basic best practices, even those established 10 years ago. Twitter may be a whimsical concept, but there’s really nothing amusing about completely botching credit card data security at the expense of consumers and the businesses whom accept those stolen cards…

Update 03-10-2011

So, Jack Dorsey issued a rebuttal to VeriFone‘s website and statements about the Square.

Second, as Dorsey points out, credit card fraud is not new. Every single time you hand over your credit card to someone (whether it is a merchant using Square, or any one of the dozens of other credit card input methods) you are trusting them not to steal it. Criminals steal credit card numbers all the time, both online and offline. But it happens, and when it does, consumers are not liable for fraudulent charges, the credit card companies are.

What’s not fair or accurate is Jack Dorsey’s fundamental lack of understanding of how the credit card industry works! Any merchant knows that if they accept a credit card that was stolen, they are liable for the fraudulent charges. There’s no magical credit card company that’s going to float in and take responsibility for it. The merchant loses when it comes to credit card fraud, plain and simple.

This disregard to merchants all while Square is trying to sell them a processing service is simply insulting. I’m a merchant as well, and this is just disrespectful.

After reading this, I am completely convinced that Jack Dorsey and Square have no business providing a payment service of any type to anyone. Stick to tweeting…

Traditionally, merchants receive zero benefit-of-the-doubt from card issuers when it comes to chargebacks, mainly because issuers make much more money from their card holding customers than from the merchants that accept them.

MSN’s red tape chronicles recently outlined a changing landscape for cardholders that stands to greatly benefit merchants. Banks are finally starting to crack down on friendly fraud type chargebacks. Banks aren’t doing it specifically for the benefit of merchants, as they found that customers whom initiate a large number of possible friendly fraud chargebacks are also those often in financial trouble, it will nevertheless benefit merchants.

In a recent survey, it was found that more than 1/5 of fraud loses come from friendly fraud scenarios. Reducing fraud loses by even 5% overall would be a huge achievement, and would account for almost $7 billion dollars per year in recovered revenue for merchants.

Why use a POS system?

POS systems can greatly increase a business’s operational efficiency. They allow fast checkout at the counter, and can be used to manage inventory, priced, sales, and everything else a retail business would need with respect to the checkout process. Many of the more advanced models can integrate with a database that also controls an ecommerce website for unified inventory and ordering control. They can be self contained units, with an attached credit card reader and printer, which can make for a much cleaner and more organized counter-top. For restaurants, a POS system holds the entire menu, and often uses a fast touch-screen interface. This can reduce wait staff / kitchen errors, add and calculate gratuity, and make the entire payment process significantly smoother. POS systems can save lost sales and handle sales better than the fastest cash register operator. POS systems can truly alter the speed and efficiency that a business operates.

Why not use a POS system?

The point of this article is not to discredit POS systems, as they are absolutely essential for many retail businesses. It is rather to get business owners to look at every aspect of the system before making their decision. This will hopefully relieve some of the upgrade and support shock that is commonly experienced with POS systems down the road.

Cost, cost, cost…

The increased convenience that comes with a POS system often comes at a very high price. Not to say this price is never offset by increased sales and customer satisfaction, but there are real costs in purchasing and owning a POS system. First, there’s the actual monetary price to purchase or lease a POS system which is can be very high, up to $5000 per checkout lane in some cases. There’s often additional fees for each transaction you process because the POS system has to use special connections with processing networks. There’s the cost of programming and maintaining the POS system. The initial setup is usually done by a supporting company that comes on-site to install the system. However, just like a computer network, there must be someone on-staff or on-call or on-contract that can manage the POS system. Managing a POS would include making changes to prices, adding inventory, training, etc., but also includes managing the system in case of errors, power failure, hardware failures, and every other failure scenario a computer, credit card terminal and computer network might run into. If the business owner or manager is not technically-savvy, which is commonplace, it means hiring a person or company to manage the system.

Whether you are going to do it yourself, hire a dedicated employee, or hire a support company to manage and maintain your system, make sure you understand the potential costs and the potential pitfalls of every method.

Upgrades

The upgrades that POS systems require are not always free or even cheap. When you purchase a POS system, it usually comes with a support contract. Depending on the support contract, it may include updates for the life of the POS system, or it may not include major updates, or may not include updates past a certain time period, or may not include any updates at all. It may not include adding new peripherals to the system. You need to add a second bar code scanner? $500 please!

When security regulations change, or when a bug or flaw in the system is discovered and the whole application needs an overhaul, you may end up shelling out a few thousand dollars per lane for upgrades that you have no choice in installing! If you decide to change credit card processors, I’ve seen multi-thousand dollar fees just to update the system with the new credit card processors information.

The point is, POS systems have costs that go well beyond the initial purchase of the system. Make sure you understand all setup costs, upgrade terms and costs, adding or changing peripherals, adding or changing credit card processors, and any other recurring or unanticipated fees that might be required in the future.

Security

PCI-DSS is a constantly evolving guideline for security, and POS systems are often at the sharp end of the regulations. When business owners purchase a POS system, they often assume that the provider is responsible for the security of the system. What we have found in the past 2 years is that this is often not the case, or at least not entirely the case. Even if you have no idea how to manage a POS system, let alone make sure it is secure, you may be responsible and fully liable in the event that someone steals data from your company. Security should be the #1 factor in your decision to purchase a POS system, even before making sure it has all of the features that you need. Neither consumers nor card issuers give a pass for ignorance. Do your homework and make sure that the system is secure now (and PCI compliant) and will be secure, or at least able to upgrade as security policies change, over the next 10 years. Also make sure you understand whom is responsible for the security of the system, most likely it will be you.

Proprietary

Some of the POS systems out there have requirements to process with them or with a certain company. While this can work for some businesses, I am always against merchants being tied down to any single provider. If you’re using a proprietary POS system, and your credit card processor is terrible or is ripping you off, it doesn’t matter. You’ve already made the huge investment in money, time, and training, and you’re not going anywhere. The POS provider and the credit card processor know this as well. If you use a product or service that has effectively eliminated competition due to contractual obligations and / or proprietary equipment, expect them to act that way!

Overkill

The final reason not to use a POS system, is that is it simply overkill for many businesses. Because the price for a POS system requires a great deal of thought and money for a business owner, it’s not common that I see businesses with a POS system that don’t need one, but it does happen. For very small retail and restaurants, a cash register and credit card terminal are often completely sufficient, and can save the business owner thousands of dollars and hours of headaches. Only you can decide this, but don’t chose a multi-thousand dollar POS system just because you think you need it. Don’t chose a credit card terminal just because you think you’ll never need a POS.

These are things that should be well understood before deciding on any method for checkout and payment processing. POS systems are one of the best ways to help a retail business, but if not understood or poorly planned, they can be the biggest money drain you ever experience.

Finally, always have a backup!

No matter what method you choose for your business, make sure you have a backup method of checking out customers and accepting payments. This could mean a calculator and a low cost credit card terminal for some, or just a manual imprinter for others. An outage of your POS system shouldn’t compromise your business.

The term mobile payment is a fairly ambiguous term that could relate to a number of payment technologies. It’s thrown around so much for the buzz effect, that when looking at any announcement about mobile payments, there’s really no way to understand what they’re talking about.

Types of mobile payments

• Wireless / Mobile Credit Card Terminal and Mobile Phones (Merchant based)
• SMS Payments (Merchant and customer based text messaging payments)
• Mobile Wallets (Replaces credit cards with a phone)
• Probably more…

Wireless Credit Card Terminals and Merchant Based Mobile Phones

Starting with what currently works, wireless credit cards terminals are the most used type of mobile payment. These are merchant based credit card terminals that process over a cellular or WiFi connection. They work just like a credit card terminal you would see on a counter, but they can be carried around.

Merchants can also use a variety of mobile phone based terminals like the Way Systems terminals, or the more recent Iphone or blackberry card swipers. These turn a cell phone into a mobile credit card terminal, and often allow the merchant to use their existing phone for processing. Mobile phone based terminals can offer considerable savings over all-in-one mobile credit card terminals. For merchants not needing to swipe their customers cards, the setup cost is essentially nothing, they just key transactions into their phone.

With the exception of some of the new smart phone and iPhone swipers and applications, these systems aren’t new and not particularly exciting, so let’s move onto the more innovative mobile payments.

SMS Payments

Have you ever seen a commercial or advertisement that told you to text “SOME MESSAGE” to 555-555-5555 and a $5 charge will be on your next bill?

This is a SMS payment. The company you are paying has a relationship with cellular carriers that allow them to collect payments from customers through the carrier. These types of services exist with both merchant initiated (they text you first) and customer initiated (you text them) text messages. SMS billing is best suited for very small ticket, and usually phone related items like ringtones.

While a useful and very promising system to select business types, SMS billing has one huge drawback. SMS billing is extremely expensive. In my research I failed to find a single SMS billing company that charges under 50% per transaction! Yes, 50%, and you thought credit card payments were expensive.

Until SMS billing costs can be reduced to a reasonable sub-5% per transaction, they are simply cost prohibitive for the majority of business models.

Mobile Wallets

Mobile wallets are the future of mobile payments and are actually something exciting in the payments industry, believe me this doesn’t happen more than once every 5 years or so. The idea behind a mobile wallet is that you can use your cell phone to pay for a product in a retail store, just like you would using a credit card. Your cell phone would be linked to the payment method of your choice, credit card, bank account, paypal, etc… Since almost everyone has a mobile phone, it seems a natural evolution to be able to pay for something with it. No need to carry a credit card, just swipe your phone and your transaction is complete.

Despite the immediate appeal, mobile wallets have some enormous hurdles to clear before they can even get a set foundation. If it were easy, we would have had this convenience 5 or 10 years ago. Just about every major company with any connection to payment processing is trying to figure out a mobile wallet solution. Next week, I’ll go into the ideas, technology, and hurdles that need to be covered before mobile wallets become a reality.

Just a few months ago, MasterCard announced they would open up their API’s to developers. Just before MasterCard, Visa purchased Cybersource, the company that owns Authorize.net. Amazon.com and Google, 2 of the largest presences on the internet, have their own payment systems, priced identically to Paypal, already with millions of users. And yet, Paypal continues to dominate the alternative payment market. Just imagine if 4 of the largest, and most powerful companies on earth put your business in their cross-hairs…

So how is it that a company like Paypal can withstand competitors, despite their own fallacies, and still maintain near-unchecked dominance over online payments?

Let’s start at the beginning…

In the beginning there was eBay. eBay revolutionized online shopping and person-to-person sales, and not just on the internet. eBay was truly the first, very-successful, online auction and marketplace. No auction site to this day has even put a challenge to eBay’s huge user base. The primary competitors now, are Craigslist and Amazon.com, both operating on entirely different business models, and only 1 with their own payment system. In 2002 eBay purchased the already successful Paypal to replace their failing Billpoint service. Both were payment options that buyers and sellers could use for eBay transactions. Paypal at the time was beating eBay’s Billpoint in popularity, so the acquisition was obvious and well overdue. Eliminating all competition from eBay payments allowed Paypal to gain complete dominance over alternative payments. There were a few others out there, but since eBay was the place to sell stuff, and Paypal was virtually built-in, Paypal became the only choice. eBay’s structure has always made it difficult for traditional merchant accounts and payment gateways to be used, so Paypal was almost always chosen by businesses if not for any reason but convenience. All the while, Paypal continuously advanced on a second front which consisted of a simple shopping cart, customer invoicing and person-to-person payments. This allowed anyone to send and receive money from other people, and allowed just about anyone to sell products on a website. Through these 2 channels, Paypal quickly became the one and only online payment provider.

Paypal has also greatly expanded its website integration methods, allowing for very customized and efficient buying experiences, enticing large ecommerce sites to use them as well.

Paypal plagued with problems

Paypal as a service provider is not without problems. Since their inception, they have been plagued by their poor quality of customer service, virtually non-existent human support, and draconian risk management procedures.

Paypal has one of the poorest track records of customer service anywhere and I believe it rivals any company on earth. I can’t think of a single aspect of Paypal’s business that I haven’t heard major complaints about. Additionally, it’s not just the fact that Paypal has complaints, but the poor manner in which they address, or fail to address, their customer’s problems. There’s over 7,000 complaints with the BBB alone in the past 3 years. There’s millions of angry buyers and sellers that have lost money through Paypal, many of these while following Paypal’s policies to a T. To be quite honest, there’s probably few companies, that could survive with the amount of negative experiences and negative press as Paypal.

Many people, probably the majority, never have problems with Paypal, but many of those who do, often end up abandoning their service altogether.

Onto the answer

Paypal will continue to dominate payments despite complaints, problems, and time, for these reasons.

1. They’re already accepted and used everywhere.
2. They are available where merchant accounts are not.
3. They offer P2P payments.
4. There’s no other option!

They’re already accepted and used everywhere

Paypal’s user base is currently over 100 Million (the number of active accounts is substantially lower). With the sheer number of web users that have a paypal account, and the number of businesses that accept it, it is going to be a daunting task to try and move people away from it.

They are available where merchant accounts are not

As someone who runs a merchant account provider, I can tell you that Paypal has an enormous advantage in that they are not restricted to the people they can service. Paypal is available in most countries in the world. Merchant account provides and most processors are restricted to a few countries. There’s no contracts with Paypal, no terms, monthly fees or termination fees. Lastly, Paypal can facilitate Person to person payments. Merchant account providers cannot do this, neither in principle nor the actual mechanism to facilitate them.

There’s no other option

Realistically, until there’s a huge Paypal abandonment, there’s no other option than Paypal. Payment services are a consumer driven industry. Until consumers want to pay with something else, they will continue to use Paypal. The catch 22 is that merchants accept what their customers use for payment and consumers wont switch until merchants accept it.

For a quick example of how slow payment technologies move, just look at contactless payments. They’ve been around for many years yet only a small percentage of card holders have contactless cards, and an even smaller percentage of merchants accept it. Nothing I have seen in the past 5 years offers compelling evidence that contactless or smart cards or mobile or any other technology will make a move any time soon. There’s often a lot of press and noise on these new technologies, but very little actual implementation.

They offer P2P payments

Paypal offers P2P (person-to-person) payments, allowing any person with an email address to send money to another person. This has 2 competitive advantages. It first gives Paypal the massive user base that’s not restricted just to businesses. Second, it gives them an enormous cost advantage over merchant account providers. Since roughly 50% of Paypal’s payments are funded from an account and not a credit card, Paypal isn’t charged any fee for these. They do however charge the merchant the fee. When you put this into their own cost/revenue breakdown, it effectively reducing their internal cost by 50%.

Visa and MasterCard have made it so difficult to create the type of business (Called an aggregator or 3rd party processor), there’s little chance of anyone being able to successfully do it. Just try to find a relevant accurate guide on how to set up a payment aggregator or 3rd party processor. It doesn’t exist because it’s only been done a few times, and of those that have succeeded, even fewer have survived. In the research I’ve done and helped others with on this type of business, it would take tens of millions of dollars just to get established. A business like this would need to have an enormous user base or some very good reason to people to start using their service or they would simply fade away like the many that have tried.

Where the competitors are going wrong.

The key mistake that Visa, MasterCard, Google, and Amazon are making is that unless they can answer the P2P payment issue, they will never pose a real threat to Paypal. Paypal is just as innovative on everything from mobile payments to ecommerce as anyone out there. They created their X-platform and are opening it up to developers, which allows for very advanced development like 3rd part payments, aggregating, and mobile or retail integration. Visa and MasterCard have no chance by themselves, it’s absurd for them to think that their brand is important enough without the other issuers to make in this space. I can’t see all of the issuers joining forces to create a massive P2P payment system any time soon, not to mention they would have more antitrust lawsuits flying than has ever been seen.

Realistically, these Paypal challengers are only banking on Paypal’s poor customer service reputation to try and gain a market share, and Paypal users aren’t jumping ship.

I would say that right now, Google and Amazon are the only ones with a shot, and based on their user base, they have a good one. Aside from the lack of P2P payments, they are still failing in getting consumers to switch their payment systems, and until they do, they will not pose a real challenge.