Information on Merchant Accounts,
Ecommerce and Credit Card Processing

June 18th, 2008 by Jamie Estep

Hypercom’s New Terminal Line

Filed in: Credit Card Equipment | 4 comments

Hypercom recently introduced the Optimum T4210 and the Optimum T4220 terminals. These terminals are the first of new standardized line of terminals from Hypercom.

Hypercom Optimum 42** Series

Unlike Verifone and many other manufacturers, Hypercom realized that by making a single terminal with several versions, they can reduce their production costs, and make a superior product. Hypercom’s T42** and M42** line of terminals are exactly that, all the same terminal in form and operation, but with subtle hardware differences.

Hypercom’s T4210 is the most basic of the series and uses a standard dial connection. Stepping up, the T4220 is an Ethernet based terminal. Third in line, the T4230, is a retail (counter-top) based cellular terminal operating on AT&T’s wireless network. The M4230 is the same cellular terminal as the T4230 except it has a battery making it completely mobile. Last in the line, the Bluetooth enabled M4240, is battery powered and designed for hand-over processing such as pay-at-the-table.

This line of terminals is set to make a very strong stand against anything out there. They come in with a low price tag, and are high in features and usability. All include thermal printers, smart card capability, and internal PINpads. These are designed to be extremely easy to use, and all are identical to operate. This is a good thing, because businesses that want to upgrade within the terminal line, don’t have to learn any new operating procedures. Input ports are color coded, the printer cover opens with the push of a button, and there’s even a cable organizer to reduce cable clutter.

Hypercom thought these terminals through very well, and I think that they are going to be very popular once they are a little better certified. If you’re in the market for a new terminal because yours is going out or you need an upgrade, I highly recommend checking these out.

May 29th, 2008 by Jamie Estep

Paymentech is going away

Filed in: Industry News | 1 comment

The owners of Paymentech, JPMorgan Chase and First Data have decided to dissolve Paymentech into their own operations. JPMorgan will take 51% and the remainder will be merged into First Data.

Both companies have committed to a no-disruption transition so existing Paymentech customers (1Million+) should not see any major change in their processing service.

May 15th, 2008 by Jamie Estep

How Visa Operates

Filed in: Industry News |

In a move to become more transparent from increased scrutiny over interchange, Visa has made their operating regulations available. Regulations are available for all regions of the world. The US has two volumes of regulations, for a total of about a thousand pages.

May 6th, 2008 by Jamie Estep

Forcing Software for PCI Compliance

Filed in: Fraud, Merchant Accounts | 42 comments

Lately I’ve been hearing reports of processors that are starting to charge their customers $19.95 per month for not being PCI compliant. To fix this problem, these processors are requiring their customers to install some PC based scanning software that is supposed to magically make the business PCI compliant, thereby allowing them to avoid the monthly charge.

Let me start out by saying: This is a bunch of crap!

There is nothing that you can just put on your PC that will make your business PCI compliant. This is so far off course that it hardly can be related to PCI. PCI compliance is in reference to networks, computers, hardware and software that play a part in the processing, storage, or transfer of a credit card transaction.

It is now required that every business be PCI compliant, but let me assure you that there is no simple computer program that will do this for any business. Even if only a single computer is used to enter card data, it is unlikely that it is the only piece of the puzzle, and even more unlikely that a single piece of software can guarantee PCI compliance.

Steps to get compliant:

  1. Determine whether you need to be PCI compliant. (If you accept credit cards, or play any part in the processing of a credit card, you need to be PCI compliant.)
  2. Determine which Level of compliance is required for your business.
    • Level 1: Greater than 6 million credit card transactions per year or any business that has suffered a hack or data breach, or any business deemed Level 1 by card associations.
    • Level 2: 1 to 6 Million credit card transactions per year.
    • Level 3: 20K to 1 Million credit card transactions per year.
    • Level 4: Less than 20K ecommerce, or 1 Million total transactions per year.
  3. Fill out the self assessment questionaire (SAQ).
  4. Fix every area that you answered ‘NO’ to on the SAQ.
  5. Hire an approved scanning vendor (ASV) to perform quarterly scans of any external networks. – All Levels
  6. Fix and maintain any failed area of the scan.
  7. Level 1 Only: Complete an annual on-site audit by a Qualified Security Assessor (QSA).
  8. ** Continue to maintain security of networks and card information! **

Once you complete all of those requirements, and maintain a secure network and business environment, you are PCI compliant. Most of the details of PCI compliance can be found in the SAQ, and on the PCI Security Standards website.

If you’re trying to determine whether PCI compliance is worth it to you, consider this: A security breach will result in a business requiring Level 1 compliance. The cost for level 2, 3, and 4 compliance can be as low as a few hundred dollars per year. The cost of Level 1 compliance can easily reach into the 6 and 7 figures per year.

Some Good PCI Resources:
PCI Answers Blog
PCI Security Standards website
Visa Cardholder Information Security Program
MasterCard SDP Program

April 28th, 2008 by Jamie Estep

Nova is now Elavon

Filed in: Industry News | 1 comment

Nova recently changed their name to Elavon to create a unified global name. Nova has a better than most reputation in the processing industry, and it seems like changing a company name from Nova to Elavon is a brand suicide.

Anyone processing with Nova should expect to see their statements reflect the new name if it hasn’t been changed already. Other than the name change there should be no difference in service from Elavon.

April 9th, 2008 by Jamie Estep

Discover to Buy Diners Club

Filed in: Industry News | 1 comment

Discover just signed an agreement with Citi to acquire Diner Club for $165M. Diners club is all but extinct, but this merger may bring some hope into Diners Club’s future. Since Discover is now settled along with Visa and MasterCard it’s possible that we will see the ability to accept Diners Club cards pushed to all businesses that currently process credit cards.

Press Release: Discover Financial Services to Acquire Diners Club International Network

March 24th, 2008 by Jamie Estep

PCI compliance

Filed in: Industry News | 1 comment

Digital Transactions magazine has an outstanding article regarding current PCI standards. I highly recommend reading it to any business that processes credit cards and businesses that are involved with any step of a credit card transaction.

Download the March 2008 issue and check out the article “Once is not enough”.

March 19th, 2008 by Jamie Estep

Visa trading starts today

Filed in: Industry News |

Despite uncertainty and a poor market, Visa’s IPO went through yesterday raising about $18B, making it the largest IPO in US history, second largest in world history. The stock market got an additional boost yesterday as the Federal Reserve lowered interest rates again.

Trading starts today and Visa’s stock was projecting several dollars above the $42 IPO price before the market was open. But, it immediately jumped above $60 when the market opened.

March 19th, 2008 by Jamie Estep

Do’s and Don’t of Accepting Credit Cards

Filed in: Merchant Accounts | 4 comments

Check out the Do’s and Dont’s of credit card processing if you need to get setup any time soon.

Please feel free to contact me if you know of something that should be on there.

March 18th, 2008 by Jamie Estep

Merchant account theft (pt 1 of 2) – Don’t get slammed!

Filed in: Fraud, Merchant Accounts, My Favorite Posts |

Slamming is a situation in the credit card processing industry where a sales agent or an ISO will steal a merchant account from another processor.

Terminal SlammingThis deceitful tactic has been observed in every area of credit card processing, from the retail to ecommerce. It is most common with smaller retail shops and restaurants, and seems to be especially prevalent in rural areas where business owners often have a first name relationship with their merchant account rep. Slamming has a negative impact of both the business that switched, the company whom they switched from, and the processing industry in general.

How slamming happens:
Picture this scenario. You own a clothing shop in a small town in Colorado. One day a person calls or walks into your business claiming he is with your credit card processing company and needs to update your terminal because of new security regulations. He tells you he works with your rep, Sam, who set up your merchant account initially. You know Sam and assume that he must have sent this person to correct your terminal. He has you sign some paperwork, he makes a few phone calls, messes around with your credit card terminal, thanks you and leaves… You’ve just been slammed!

At the end of the month, you get two bills for your credit card processing. One from the company you originally signed up with which is basically blank, and the other that has all of your transactions on it, but you don’t quite recognize the name on it.

What you didn’t realize when that person was reprogramming your terminal was that he worked for a different company, and he just switched you to his service. He knew your sales rep Sam’s name because most of the businesses in the area process through the same company and Sam is their rep. You may not have even signed an actual contract with him, but he got your signature and your terminal is programmed with his company. Although what he did was illegal, you now have two merchant accounts, and the second one is a complete mystery as to what you are actually paying, or who you are processing with. Unlike switching providers on your own, you didn’t need or want to switch, and you don’t know anything at all about the new company or what you’re going to get with them. Hopefully, they actually did setup you up with a real merchant account, but for all you know, this may have been some criminal that installed something to skim all of the credit card numbers that go through your terminal. Some ex-bankcard technician may be routing your money into their bank through a stolen merchant account. Just about anything is possible.

How slamming can hurt your business:

  • You are now processing through a deceptive company!
  • You almost always have extra fees, due to two accounts being open!
  • You will most certainly have a termination fee!
  • You can possibly be put on the TMF / Match file if you end your relationship with either company in a bad manner!
  • There is a now huge potential for fraud and credit card theft through your business!

Simply put, any company that would con a business into using their service is not someone you want to be doing business with. This company just doubled any fixed fees you had because you have two accounts open now, and you most certainly have has an early termination fee that you will be required to pay when you realize you just got scammed. They have a termination fee, because there is a good chance your going to dump them once you realize what just happened. Apart from that, who knows what your fees are, what this company’s reputation is, if they are even a legal business, if you are going to get all of your money, etc. This is just a bad position to be in for a business.

Of course this is illegal and you can take recourse against this deceptive company, but lawyers are expensive, and this could become an enormous burden to fight. Additionally, it may be hard to track down who is actually responsible for doing this to you. Many businesses do fight and they usually win, but it takes time and money, which is why slammed businesses often stay with the new company.

How this hurts the merchant services industry:
Reputable service providers spend a lot of money to gain your business, and they spend a lot of money on staff, training, and equipment to support your business. It takes months and sometimes years for a processor to regain the cost of establishing a single customer. When merchants are stolen, it has the same affect on a processor that shoplifting has on a retail businesses. Profit margin’s sink, and it becomes harder to keep prices and fees where they are. On an industry wide level, it ends up costing all businesses more, because the lost revenue has to be accounted for somewhere.

Companies that slam are scum!
Slamming exists because some providers and reps find it easier to steal hard earned customers from honest companies than to provide a service worthy of gaining their own customers. The people doing the slamming are criminals and should not be trusted on any level. Businesses have gone bankrupt, been put on the TMF, have been locked into horrible contracts and paid thousands of dollars because of thieves that do this. There is so much risk to a business that gets slammed, only a true criminal would put an honest business into a risky situation that could cost them their business.

What to do if you’re slammed:
First off, do some research to find out who did it to you and when it was done. Usually someone showed up and either switched out your terminal, or reprogrammed your terminal claiming to be with your processor. More than likely an outside agent slammed you and not the company they work for. Luckily, this is the best case scenario for your business, because you can easily bypass the agent and deal directly with the company you are now processing through. Additionally, a sales agent that is out slamming businesses is a huge liability for a processor so they will be more likely to sympathize with your situation. You need to make sure that if you close this new account, you will not be charged a termination fee, and you will not be put on any sort of TMF/Match list. Depending on what you actually signed, it’s possible that it was a complete application. Whatever the case, you are the victim of fraud, and you shouldn’t have to compromise, even a penny! You also need to figure out what you want the outcome of this to be. You can go back to your original company, you can find a new company, or you can stay with the current one. Based on how your relationship got started with this new company, it’s probably a good idea to go somewhere else out of principal. If you do decide to leave your original provider, make sure you know if you are required to pay any sort of termination fee. Most likely your account with them is still open, so going back to them should be simple and painless, maybe taking only a few minutes to get your terminal reprogrammed.

If a provider slammed you themselves, you are in a stickier situation. Going straight to the bank they are registered to, or to Visa and MasterCard may be the best resolution. If you find that the cost is significantly higher, you may need to consult a lawyer or file a report with your police department. If you do decide to call them, go up the chain of command as high as you can. Even if the company is responsible, it was still most likely a rogue sales person that carried out the slam. Filling reports with the BBB can go a long way to getting their attention and getting out of their grip. Ripoff Report is another company you can file a complaint with.

(My Ripoff Report Advice: Only file a Ripoff Report after all other options have been exhausted! You should be 100% certain that you are filing against the correct organization, there is no chance of an amicable resolution, and you do not expect anything positive to further come from the company. Unlike a BBB report, a Ripoff Report cannot be undone, even by you, and they can be so damaging that there is little chance the company will deal with you any more at all. If you commit libel or slander, you should be prepared for for the full legal wrath of the company you reported. Enough said!)

Prevent it!
Don’t let anyone reprogram your terminal unless you are certain that they are supposed to and that they work with your current processor. Whether it is over the phone or face-to-face, make sure you know who is changing your terminal, because you just can’t know what they may be changing on it. Your money and your business’s very existence could be at stake.