I’ve been working on a new project for some time now, and it is finally complete enough to make public (still has a long way to go though). I started making a payment provider directory a few months ago and after integrating various ideas into it, I think it is finally going to be something worth the effort. All of the other payment services directories (BOTW, DMOZ, Business.com) are terrible, and I hope to make this an authoritative, unbiased directory for processing services.

Basically, this payment directory is designed to list only real, registered payments related service providers. There is no bias to any company. This should help business owners that are trying to verify the validity of a company that they are looking at. It also has a visual feature on the front page that organizes different service providers in a hierarchical model. It’s the only visual model of processor relationships that I have ever seen, and it makes a lot of sense to me especially after seeing it come together. I don’t plan to have user reviews of any companies at this time, mainly to avoid the “this company sucks” reviews, which don’t provide a lot of value to most individuals.

Current Categories:
Registered ISO’s / MSP’s / Banks (Must be registered with Visa, Mastercard and a sponsor bank. Sales agents don’t count.)
1st Tier Payment Gateways (Co-branded payment gateways don’t count.)
Processing Equipment Manufacturers
Bankcard Attorneys (Must be an active member of a state Bar, and have experience in bankcard law)
PCI / SDP / CISP Security Services

Future Categories: (the spam potential is huge for these so I’m hesitant to add them)
Outside Sales Agents
Shopping Carts

There’s definitely some inaccuracies in relationships at this time, but I expect to work these out in the next few months. As more companies are added to the directory the visual model will become increasingly accurate. I have to give credit to smashing magazine, as their recent post on data visualization inspired me to apply it to the directory. Also, the data visualization code JsViz was used for the homepage which is pulled dynamically from the directory database.

I will admit upfront that the visual model is innaccurate in the sense that many ISO’s are registered with more than one processor. As a result, an actual visual model would look like a spiderweb rather than a snowflake.

So, if you get a chance, check out the payment directory. Contributions will be very appreciated, and please let me know if you find any incorrect information, or suggestions.

Amazon is planning on extending their payment service to non-amazon payments in a system designed to compete with Google checkout and Paypal. Instead of adopting the features of just Google Checkout or Paypal, Amazon will use some of the features from both services.

This service is supposed to offer a simple integration method similar to Google checkout where visitors will be redirected to amazon.com to finalize their purchases. Additionally, this service will act as a P2P transfer system between amazon.com members.

Since amazon.com has a huge base of businesses that sell on the amazon.com website, this new payment service could become a major competitor for both Paypal and Google. Unlike Google, who has had difficulties in getting widespread adoption of the Google checkout system, Amazon already has the businesses to support a new system, and for many this new payment system would be quickly adopted. Ebay was the driving force behind paypal, and Amazon.com is definitely large enough to be a driving force behind their own payment system.

Originally reported on TechCrunch »

I thought that this was appropriate considering my latest post.

First Data recently released a program for high-risk businesses so they would not have to go to an offshore or 3rd party processor. Not all high-risk businesses can use this program, but it does allow some of the industries that were previously considered too risky, to process with First Data. Card Service International could take some of these businesses before, but now any ISO that has the ability to sign with the tier 2 program can service these businesses without referring them to CSI.

Businesses that can process with the tier 2 program:

• Adult Products/Merchandise-Not Unqualified (Non Graphic Images)
• Auction Houses
• Charities (other than well known events or causes which are Low Risk)
• Companion/Escort Services (Non-Adult)
• Coupons/Certificates
• Custom Made Items (Except Golf Clubs)
• **Dating Services (on-line, no Adult)
• Diet programs/vitamin sales/herbal remedies-Via MO/TO or Internet
• Discount Buying Clubs/Home Shopping Clubs
• Financial Aid/counseling/student loans/scholarship search services
• Financial Consultants
• Flea Markets (Defined as firms/individuals operating from a Booth, on a part time basis with no lease or telephone availability; whether indoors or outdoor)
• Fortune Tellers (Brick and Mortar)
• Fulfillment Centers (not Aggregators which are Unqualified)
• Gambling advice/Sports Forecasting or Odds making (unless audio or video text which require Visa Registration)
• Membership Clubs -Health and Sports (Extended Memberships)
• Import/Export (Non Mag Stripe or MO/TO)
• Investment Programs/ Opportunities/Seminars
• Pseudo-pharmaceuticals (anti-aging pills, Sex Nutrients, etc.)
• Real Estate Agents/Brokers engaged in vacation
• beach or ski home rentals.
• Seminars (including Real Estate)
• Shippers/Forwarding Brokers and Motor Freight Carriers
• Subscription Services (magazine, newspaper, newsletter).
• Telephone Services/Prepaid Cards
• Theatre/Concerts
• Ticket Brokers
• Timeshare
• Timeshare Advertising Services
• Travel Agents/Tour Operators
• Travel Clubs
• Water Filters/Purifiers
• Door to Door Sales

As I understand, not all First Data ISO’s are allowed to sign businesses on the tier 2 program. Also, these businesses will have to pay a slightly higher rate, but it should be very reasonable when compared to an offshore provider (~ + 10 – 20 basis points, and $.05 – $.10 above a standard rate).

These are the business types which are prohibited with most US processors. Some processors may allow a few of these assuming they have business history, but generally these businesses won’t be able to process with a US provider.

• All Sexually Oriented or Pornographic merchants including:
  • Adult Book Stores
  • Adult Telephone Conversations or video text
  • Companion/Escort Services/Dating Services
  • Massage Parlors
  • Topless bars/clubs
  • Modeling agencies
  • Misc entertainment (not elsewhere classified)
• Aggregators (third party payment processors)
• Audio/video text
• Airlines
• Cruise Lines
• Any Illegal products/services or any service or product providing peripheral support of illegal activities
• Auction Houses
• Bail Bondsmen
• Cellular Phone/Beepers (Services, not equipment)
• Chain Letters
• Charities (other than well known)
• Check Cashing
• Collection agencies or firms involved in recovering/collection past due receivables
• Credit Repair
• Credit Card Protection or Identity Theft Services
• Currency Exchanges
• Drug Paraphernalia
• Extended Warranty Companies
• Flea Markets (with no lease and phone availability) (Virtual terminal/Wireless consider High Risk)
• Fortune Tellers
• Merchants offering free gifts, prizes, sweepstakes or contests as an inducement to purchase a product/service
• Get Rich Quick Schemes
• Health Membership Clubs (Extended Memberships)
• Import/Export (Non Mag Stripe or MO/TO)
• Investment Programs/ Opportunities
• Non face-to-face pharmacy sales (non-institutional)
• Non face-to- face tobacco/cigarette sales
• Lotteries, Gambling, internet Gambling, contests or sweepstakes
• Sports forecasting or odds making
• Mortgage Reduction Services
• Taxi/Limousines (singletons) Virtual terminal/Wireless consider High Risk)
• Pseudo-pharmaceuticals (anti-aging, sex nutrients, etc.)
• Prepaid Cards/quasi cash
• Real Estate Seminars
• Shippers/forwarding Brokers
• Timeshare
• Travel Agents/Tour Operators/Travel Clubs
• Merchants engaged in Door to Door Sales
• Pyramid or multi-level marketing distribution
• Third party order fulfillment
• Merchants engaged in Outbound Telemarketing
• Infomercial merchants or other inbound telemarketers engaged in upsell
• Merchants offering rebates or special incentives

It’s been two years since I started writing this blog. It went through some very weak periods, especially in the beginning, but I’m happy to see it has come this far. I would like to thank all of the subscribers to this blog, and anyone else who occasionally stops by. I have received more than one email of praise and I’m glad that the information that I provide has been useful for a few people out there.

I will have to admit that the hardest part of blogging is maintaining any form of consistency which is blatantly obvious if you look at my topics or post dates.

If you have any suggestions for the future, or if there is any topic that you think should be addressed more / better please let me know. I have a few major ideas planned for the near future, but I’m always open to suggestions, and criticism.

Once again, thank you all for reading.

I just learned that Verifone is rumored to be planning on phasing out a lot of their current terminals, for technical reasons. Supposedly, by the beginning of next year it looks like we will be using an entirely different line of Verifone terminals.

Among those that are rumored to be going away are the Omni 3740, 3750, and the Nurit 8000. These will be replaced by the Verifone VX 570, and the Lipman Nurit 8200 / 8020 (?? – Not entirely sure on this one). The VX 610 still hasn’t gotten off the ground, and because of past performance, I think they will stick with another wireless terminal based on the Nurit line.

There hasn’t been any official release from Verifone about this, but if it plays out, Verifone will be scrambling to get processors to certify and support the newer terminals this fall. Additionally, I don’t think this will have any effect on current 3750 or 8000 users, as these terminals are still very new, and the impact would be huge on the current processing industry, if they stopped supporting these.

Overall, this is not bad news, since the price of the Omni’s and most other Verifone terminals recently went up, while the VX 570 stayed about the same. Anyway, be watching Verifone over the next few months to see if this actually plays out.

A few weeks ago Elastic Path published their Ecommerce Checkout Report which was a great breakdown of the online trends of the top 100 internet retailing websites.

One area that I found particularly interesting is that only about half of the top 100 online retailers require additional card verification (CVV2, CID, CVC, etc) information to be entered when a customer makes a purchase.

Card Code Verification is a basic fraud deterrent because the purchaser must have the card in hand, or have copied the entire number, expiration date and code from the back of the card to use it. It eliminates fraud from credit card skimming as the card verification code is not on the magnetic stripe and therefore cannot be used where CVV2 is required. It’s by no means a complete solution, nor is it acceptable as the only method of preventing fraud. It is a great tool, that costs nothing, and can save a business from a lot of unnecessary fraudulent orders.

So, why would the biggest online retailers not require this most basic information for orders that they accept.

The simple answer is money.

Conversion rates were measured to be 40% higher on the websites that were not requesting card verification information. 40% is a massive amount when you are averaging it across millions or billions in sales. I would imagine that a large well organized company would leverage whether the cost of fraud from not requiring CVV2 outweighs the cost in lost sales from requiring it. It is apparent than many businesses find it less costly to deal with any fraud that might occur from not using CVV2, than to take a hit in their conversion rate and require it. This is a completely irresponsible practice, but isn’t the least bit surprising.

So should you use CVV2?
First off, if your merchant contract states that you must use card verification on card-not-present transactions, then Yes. It is fairly common for processors to require this information, and if you’ve opened a merchant account in the past two years, there’s a good chance that it’s required with your account. You could risk getting your merchant account shut down for not using CVV2 if you’re processor requires it.

My personal recommendation for businesses who aren’t required to use it is also Yes. Especially for the case of small businesses where the cost of a few fraud related chargebacks can ruin a business. Additionally, it is much easier to fight most chargebacks when you have a valid CVV2 match. If you have a positive CVV2 response, it is proof in most cases that the person who made the purchase had the card in hand. CVV2 also is a proactive approach at helping consumers. If a person gets their card skimmed or the number gets stolen, their card cant be used anywhere that CVV2 is required. If a database with credit card numbers gets compromised, the cards cannot be used where CVV2 is required since CVV2 is never allowed to be stored by a business. Lastly, CVV2 actually works for international cards while AVS (Address Verification) does not. It is really the only built-in fraud prevention method that is internationally usable at this time.

Currently CVV2 is not required, but only because some older cards don’t have CVV2 numbers on them. As soon as every card does, it’s very likely that it will be required for all card-not-present transactions.

Even now, if everybody used CVV2 for their transactions, there wouldn’t be a huge conversion rate gap like this, card holders would be safer, and banks would eliminate some of the cost of fraud, which drives up credit card related prices for consumers and businesses alike.

Related:
Credit card verification numbers

This is probably the single most common question that I come across in discussion forums. Someones Paypal account gets frozen and they want to know what to do to get their account unfrozen and get their money back.

While I can’t do anything to get your money back, I have been in this situation more times than anyone I know and I have a bit of knowledge about how the system works. Prevention is always the best bet but sometimes account freezes are completely unexpected or unavoidable.

The first thing you need to realize is that Paypal freezes funds on the same grounds as Visa and Mastercard, and they can hold your funds for 180 days from the date of the transaction (Paypal will hold for 180 days from the date of your account freeze). Unless your funds are frozen for fraud or for some legal reason, you should get your money back after 180 days (worst case scenario). If you committed fraud, or obtained the money illegally, don’t count on getting any of it back, ever!

Why Paypal limit’s accounts:
Paypal is financially liable for funds that you accept, so if they feel your account may cause problems for them or other customers, they will freeze your account. Paypal has an automated system as well as a human managed system for fraud control. If they hold funds, it is because something with your account set off an alarm and either automatically or after human review, they decided that it is in Paypal’s or Paypal’s customer’s best interest to put a hold on your account. It nothing personal, and most of the time it was probably a computer that froze the account based on some fraud algorithm.

Some reasons an account may be frozen:

• Increase in transaction volume (IE: More Transactions).
• Increase in single transaction amount (IE: Larger Transaction).
• Increase in disputes from customers.
• Increase in refunds to your customers (with our without any disputes).
• If a certain percentage of your transactions are disputed over a period of time.
• If fraud was reported against your account.
• Logging-in from multiple IP addresses (* Speculation).
• Withdrawing over a certain threshold amount (** Speculation).

In my experience Paypal most often holds funds when a business processes many more transactions, or when they process much larger transactions that previously in their account. Also when a business sees an increase in disputes or refunds it is often an indication that something is not right. I have no idea of the thresholds that Paypal uses to freeze accounts or how often a human is the person who presses the button, but most of this goes along the lines of credit card processing risk management.

* – The IP address theory I have heard many times, but I have never seen anything official from Paypal. I also haven’t witnessed it on a US paypal account, so it may be an international problem, or a problem with people logging in from restricted or close-to restricted countries. I’ve heard three IP’s is what it is based on, but I’ve personally logged into more than one account from at least 20 IP’s and have never had any problem. The other thought which seems most likely is when an account is accessed in a completely different area than normal (IE: Login from Russia, when the business is in California).

** – My large withdrawal theory is based on the fact that I have had an account held three times on different accounts, and the hold occurred almost immediately after I made a large withdrawal from the account. My guess is that this threshold is at most $5,000 per day, which would be on par with some long standing Federal Reserve regulations. It is may be less than $5,000 or it may vary depending on your history, but I’m 99% sure that it does exist.

Now if your account gets frozen:
The first thing you will get is an email from paypal stating that your account has been frozen. You probably already get ten spam versions of these messages every day, so most likely you will actually learn that your account is frozen when you log-in one day. Anyway, when you log-in to your paypal account you will get a big nasty screen stating that your account has been frozen, and that you need to visit the resolution center to clear up the issue.

In the resolution center, you will have a list of the steps that you need to complete to get your account limitation lifted. You will also have a summary of what you can and cannot do with your account in a limited status. This status varies depending on why your account is being held, and for how long it has been on hold. As for requirements, Paypal will normally have you fax documents to them, and they may be additional steps that you have to do within paypal. The internal steps will normally be confirming a bank account, or credit card.

Commonly Requested Documentation:

• Proof of business existence (Utility bills, DBA registration, Tax license).
• Proof of shipping (Tracking Numbers).
• Proof of person (Drivers license, Social Security Card, Passport etc.).
• Proof of products (Normally your supplier’s name and phone number).

After you fax Paypal the information, you have to wait for their response. They will typically send you an email the next day stating that they received your information. You will receive another email a few days later stating the results. The email will either announce that your account limitation has been lifted, or that they are unable to lift the limitation. If you account remains frozen, they will either ask you to provide more information, or they will tell you to wait 180 days to get your money back. In either case you can call paypal directly and talk to a customer service rep. In most cases they won’t be able to do anything for you, but they may be able to give you other options if you don’t have some documentation that is requested. I can’t stress enough, not to act aggressively with whoever you email or talk to at Paypal. This is the same with any Risk Management situation, yelling at the person on the other end will guarantee a 180 day hold of your money. Yes you’re pissed, but be nice until they hold your money anyway, then complain away!

If you can provide all of the documentation that Paypal requests and you were not reported for fraud or illegal activity there is a good chance of getting your account freed-up. However, Paypal will not always unfreeze an account even if you are doing legitimate business and you provided them with the proper information. It’s unfortunate but is simply a risk of using Paypal at the current time.

Recommendation on not getting your account frozen:
Risk is all about consistency. You could be accepting a million dollars a month, and as long as your business was consistent, and you didn’t get a lot of returns, there wouldn’t be any problem. When changes occur, especially large changes, red flags go up all over the place. New accounts are also at a much higher risk of getting frozen, as most fraud occurs very quickly after an account is opened.

If you have an average transaction size of $50, you should probably expect your account to get frozen if you take $5,000 on a single transaction. The same thing goes for volume. If you consistently do $1,000 – $2,000 per month, and suddenly you start processing $50,000, you should expect your account to get frozen.

My advice is to slowly ramp up sales (This obviously isn’t always possible), and initially specify an amount in the estimated monthly volume and transaction size higher than what you actually expect to do. Make frequent lower amount withdrawals, and try not to keep a lot of money in your account. Be especially careful of making large withdrawals in a single day.

If you have any related experiences or comments, please feel free to share. However, this thread is not Flame Paypal, so any ‘Paypal Sucks’ or related comments will not be posted.

Visa announced some months plans to take their company public in late 2007 or early 2008. I get about four questions a day asking if I know when Visa is going to go public. Here is my update on Visa.

Although Visa has still not named a date for their IPO, they have formally started the IPO process.

On June 22, Visa’s CEO John Coghlan resigned, as Visa hired Hans Morris from Citigroup to be the president of Visa through the IPO. The restructuring of Visa will include combining of Visa USA, Visa Canada, and Visa International, while Visa Europe will remain an independent organization.

My thoughts on the IPO:
I can’t see there being any chance of Visa’s IPO happening in 2007, so I would put it a few months into 2008 (Feb – Apr). Unfortunately, I think that Visa shares are going to be impossible extremely difficult to obtain pre-IPO. Looking at the success of Mastercard’s IPO, the fact that MasterCard shares have quadrupled in the past year or so, and that Visa has a much stronger pre-IPO brand than MasterCard, getting shares is going to be hard. Your best bet, unless you have million to invest, is to get into an investment group that is planning on bidding on a big chunk of Visa stock. Hopefully you can secure a few shares for yourself before the price explodes a few hours after the IPO.

The IPO’s impact:
It’s still unclear exactly how Visa’s IPO is going to impact consumers or businesses. On one hand, Visa will be concerned about public appearance, but on the other they are going to become a profit hungry monster, with a hand already in everyone’s back pocket. The other certainty is that some major companies (Walmart possibly) are going to be purchasing Visa stake in bulk. This will not only be one of the largest IPO’s in history, but could be the widest impacting public offering ever.

If you want to know immediately when Visa announces their IPO date, sign-up for the Merchant Account Blog’s RSS Feed. I will be blogging about Visa’s IPO as soon as I get information on when it is going to happen, or other changes.

This is the list of routers that Verifone has tested to work with the Omni 3740 and 3750 with IP processing capabilities. These two terminals should work with just about any hardware, but these have been tested to work by Verifone, and are some of the more common hardware that small businesses are likely to use.

Dial Routers: (You probably won’t ever need one of these!):
SMC Barricade 7004ABR and 7004AWBR
3COM 3C886 and 3C888

Ethernet Routers (Wired):
D-link DI-604
Netgear 614V2
Linksys BEFSR41 and BEFSRX41
SMC Barricade 7004ABR
Cisco 813, SOHO91, 2500, 2600

Ethernet Routers (Wireless):
D-link DI-624
Netgear 813V2 and 813V3
Linksys BEFW1154, WRT54G, WAP11 (Access Point)
SMC Barricade 7004AWBR
Microsoft MN-700
2Wire Home Portal 1700HW
Sonic Wall TZ170 and TZW

Related Posts:
Verifone Omni Ethernet and IP Network Setup
Convert an Omni 3740 or 3750 for Ethernet Processing