Many business owners sell their used credit card terminals on ebay to other business owners after they upgrade or no longer need them. These terminals often go for a fraction of the retail price even if they are relatively new.

Buying a used terminal has always been a bit of a gamble since it’s unclear how the terminal was treated and how much life it possibly has in it. Even so many times the price is good enough to take a chance with it.

However, we are increasingly seeing problems with used terminals on ebay and craigslist that prevent them from being used at all by the purchaser. Many, if not most, merchant account providers have free terminal programs for their retail merchants. What merchants may not know is that they do not actually own the terminal that they’re given to use and they’re supposed to return the terminal to their provider if they switch processors or cancel their account.

What’s happening is that many of these terminals are not being returned and instead being sold on ebay or craigslist or other marketplaces. These terminals are usually locked at a hardware level so that they cannot be used with another provider, and the processor will not unlock a terminal that they were supposed to get back as they technically still own it. This is to protect the processor from losing a $200 – $500 terminal every time they lend one out. But, as a purchaser there is virtually no way of knowing if a terminal is locked until your own provider tries to program it. By that time you may not be able to get a refund or even find the seller if it is on craigslist. As far as ebay goes, if they seller states it’s a working terminal, it doesn’t actually have to be usable with your processor, and it is very difficult to win a dispute through paypal’s dispute resolution system in this case.

Unless you are 100% certain that a particular terminal is not locked with any provider, we strongly recommend only buying equipment that is new or manufacturer refurbished and is not proprietary to any particular company. This will save money and a huge amount of wasted time if you accidentally purchase a locked terminal.

This is what unethical sales in the merchant account world looks like. I’ve crossed out the business information, but Mr. Michael Lendon is pretending to be this company’s merchant service provider which he is not. That’s very unlikely a real person as I’ve found at least another public example of the same deceptive marketing on the internet.

These fraudulent marketing forms might seem benign but can have disastrous consequences for businesses that fall for them. Many times a business is subject to termination fees and even being sent to collection because they end up switching companies and their old account was never closed. But, more importantly they are now trusting the money and possibly the very existence of their business with a company that flat out committed fraud to obtain their business.

Text version:

From: Merchant Services Fax: 8887816053 To: Fax: + Paga 1 of 1 1012612013 5:54

Merchant Services

• T. 888-547-1666 • F. 888-781-6053 •

FROM: Michael Lendon RE: Your Merchant Account
Management has finally approved you a lower rate of 0 .98°/o due to your consistent sales volume on Visa, MasterCard and due to being a lower risk merchant with minimal chargebacks.

You are currently overpaying on your merchant blll every month under the original program. Please complete form below today before Visa and Mastercard Increases their rate so we can LOCK It for you at the lower rate. This low rate program is for customer retention purposes which you qualify for as a low risk merchant, and as long as you stay with the program you will continue to receive the benefits of lower rate savings.

Additional benefits of this new program:

• Next day deposit,
• NO monthly fee, NO annual fee, NO set up fee,
• Seamless transition with no downtime: we will handle the transfer from your current
program to the new,
• Amex, wlll have faster deposit timeframe (same as V /MC/D) and will be on one
statement with V /MC/D.
Complete below & FAX directly to me at (888) 781-6053 and we wlll fax you the new
merchant application – if you get a busy signal you can Fax to (888) 563-0420 .

To discontinue our offer in the future to lower your merchant monthly cost, fax this form back crossed out. F 888-781-6053 or if you get a busy signal try an alternative Fax# (888) 563-0420

If it hasn’t already happened, small merchants are about to get a rude awakening if they currently accept PIN debit transactions. Because of certain provisions in the durbin amendment which regulated debit card interchange, debit networks are now individually allowed to charge annual fees for facilitating debit transactions on their networks. This means if you accepted a PIN debit transaction through Pulse, Star, or many of the other debit networks, or if you’re even set up to accept these transactions, you will most likely be seeing annual fees from $5+ per debit network appearing on an upcoming statement. There are 13 debit networks currently, but not all merchants are likely setup on all networks.

While this isn’t an extraordinarily large fee, many merchants only accept a few PIN debit transactions per month or even per year. PIN debit network fees are going to be a major headache for small merchants who may not even know they are setup to accept them. This is one of those unintended consequences of the debit regulation, which has no effect on the super corporations that lobbied so hard for it, but may have a much larger effect on small merchants.

The state of Illinois has issued a cease and desist against Square Inc. (pdf) for violating a money transmitter act and is requiring them to cease all money transferring activities with any resident of the state.

What this basically means is that Square is not operating within money transfer regulations by Illinois’s interpretation of Square’s practices. Much of this is directly focused on anti money laundering regulations. It is extremely easy to setup an account with Square and there are numerous reports and even instructions on how to use Square for illicit businesses, it’s not surprising that this has come to a head.

It will be interesting to see how this plays out and if other states take the same interpretation of Square’s business practices.

I know that the traditional processing industry has been less than thrilled at how Square is allowed to conduct business and solicit customers.  Much of this may be a natural reaction to a fierce competitor. However the reality is also the observation of Square’s apparent rejection of the rigorous standards that are required by existing credit card processors. While regulations are often a burden and a barrier to progress, many of these standards are in place to prevent fraud and combat money laundering. To be blunt, Square came across as completely ignoring many of standards just to reduce their own barrier in getting a customers processing account setup.

The IRS 6050W mandate passed in 2008 requires credit card processors to report merchant processing revenue to the IRS for each year of active processing. The IRS essentially thinks business owners are cheating on their taxes and are using credit card processors to try and identify egregious tax dodgers. Merchants with tax related information that is incorrect when their processors files a 1099-K will be subject to having funds held by their credit card processor. Last year, we were given a bye and didn’t have to hold merchant funds for those merchants with incorrect TIN information. This year appears to be different and processors will be holding funds per IRS regulations. We’ve already seen numerous cases where Amex was forced to put a hold on merchant’s funds.

You may have recently received notice from your credit card processor of your TIN or corporate name mismatching, or simply a notice to verify your processor has the correct TIN/EIN number and corporate name on file for your business. Do not ignore these notices!

It is extremely important to make sure this information is up to date and is correct with your processor. Incorrect TIN information can result in your processor being forced to hold the money being processed through your merchant account. American Express is a separate entity and you need to make sure that your TIN information is correct with American Express separately from your merchant account.

To update this information, you will be required to provide your credit card processor or American Express with an accurate W9 form. Completing this form properly is critical to preventing a TIN mismatch. This form must be filled out with the exact information you used to register your TIN with the IRS which is also the same information required when filing your taxes. A single misplaced letter or punctuation, the incorrect type of business, or an incorrect TIN will cause a mismatch. The IRS doesn’t have an adequate system for your processor to verify this information, or lookup the correct information, so it is up to you to make sure it is accurate. If you don’t know the TIN or the exact name you established your TIN under, you can contact the IRS to get the correct information.

Make sure this information is correct with your processor and with American Express to avoid having your money held.

A result of the recent card association / merchant settlement is that merchants may now place a surcharge on their credit transactions. We’ve already been getting a lot of phone calls about this, so let’s go over a few of the basics. You should also review Visa’s official information on surcharging for the in-depth details.

If you live in California, Colorado, Connecticut, Florida, Kansas, Maine, Massachusetts, New York, Oklahoma, or Texas forget about it. It is illegal in your state to add any surcharge on a credit transaction and state laws always trump operating regulations facilitated by private entities.

If you live in one of the other 40 states, you may be able to surcharge beginning January 27th, 2013.

In a nutshell, here’s what’s going to happen. Make sure you check with Visa’s and other association websites before adding a surcharge to ensure you are complying with all of the implemented rules and regulations.

• Notify Visa and your acquirer at least 30 days in advance of beginning to surcharge.
• Limit surcharging to credit cards only (no surcharging debit and prepaid cards) and limit the amount to your merchant discount rate for the applicable credit card surcharged.
• Disclose the surcharge as a merchant fee and clearly alert consumers to the practice at the point of sale – both in store and online – and on every receipt.

Remember, you cannot surcharge a debit card no matter how it is processed. You cannot surcharge if you accept American Express or Paypal. You cannot charge a prepaid card no matter how it is processed. You cannot under any circumstance charge more than you are paying to accept that specific card. There are specific rate limits listed on Visa’s website.

Although this may seem like a beneficial and obvious solution to some merchants, I strongly urge you to take a good look before implementing a surcharge. Shifting a cost like this is not going to fare well with many customers. I would personally not make a decision like this lightly. If you do decide that you want to surcharge, make sure you have a plan to test and back out if necessary. As proven in Australia, surcharging credit transactions has the potential to drastically alter payment preferences and will often upset a customer no matter how the surcharge is presented. In the world of social media, surcharging has the potential to generate a lot of bad publicity, very quickly, if you upset the wrong customer base.

Lastly, don’t be surprised if this change in regulation is retracted in the future. Consumers drive commerce in the US and they certainly will have their shot at overturning surcharging if they feel that it is unfair.

We’ve been speculating since Square got started that it would quickly infiltrate illegal markets. Partnered with prepaid debit cards, it offers an almost 100% anonymous method of accepting credit cards.

While reading some actual stories of drugs being purchased via debit card through a square reader, I went and did some searching on Google. To my surprise, not only are there multiple articles and instruction on how to accept debit cards for illegal sales, but Square is actually advertising for drug dealer related search terms. What a nice company.

Here’s a daily scenario that I come across. A website owner / entrepreneur / service provider / auction site / startup / etc., wants to create their awesome online platform that will allow vendors to sell and customers to buy, and they simply want a small percentage of the transaction. There are about a million different ways to describe this, but in the end the result is the same, the vendor gets payment, the site operator takes a small percentage, and the customer gets their product or service.

Now on the surface this is a completely rational credit card processing setup that many businesses could benefit from. In reality, processing like this is an extremely risky method that can and often does result in substantial losses for the party running the platform and the credit card processor. Let’s run through why these scenarios often don’t work and are prohibited by every normal payment processor out there. The technical term for this is called aggregating, and coincidentally it is exactly what Paypal, Square, and other 3rd party payment processors do.

In these scenarios we have 3 parties, the customer making the final purchase, the vendor who is selling their product or service, and the platform that is providing the mechanism or bridge between the vendor and the customer. This could be a anything from a commission based shopping site, an event coordinator, an action house or website, or any number of business ideas where a middle party provides the connection and mechanism between vendor and customer, but doesn’t actually provide the service themselves. The idea is that the platform seamlessly collects the payment from the customer and then pays the vendor after taking their small percentage fee for the service. Since they have a number of vendors using their service, they typically want to setup one merchant account to accepts payments with and use their own internal accounting to handle the proper payments.

Chargebacks…

What this creates is a major liability vacuum where the party that receives the majority of the payment, is not the party that is contractually responsible to the customer’s bank. When the customer decides they didn’t like the service and they make a chargeback, the platform loses the money and then must go back to the vendor to get reimbursed for their customer’s chargeback.

Just to illustrate how much risk  and exposure the platform takes on this, let’s just say the platform charges the vendor an arbitrary 5% per sale in fees and commission. At 5%, the platform is taking 2,000% exposure on every dollar they earn through their system, without taking processing fees into consideration. To be redundant, for every $1 in revenue the platform keeps, they have $20 in liability for at least 180 days.  Even at 10% in fees, they are exposed 1,000% on the dollar. The vendor ends up with 95% or 90% of the amount payed, while the platform still holds the liability for the entire 100%. This problem is further compounded when you consider that a card holder has 180 days from the date of the transaction to file a chargeback with their issuer. The bigger picture presents potential liability and challenges that far exceed what most businesses could ever accurately plan for. The reason that credit card processors and card associations don’t allow this is that when thing blow up and the vendors aren’t refunding the platform, and the platform implodes and is broke, the processor is left with the bill. And yes, this has happened many times in the past even to the level where processors have gone bankrupt as their exposure is even more lopsided than the platform we’re describing here.

So, how do Paypal and Square and 3rd party processors do this?

These companies are established and registered with the card associations solely for this purpose. These types of accounts typically require huge reserve accounts that exist solely to cover loses due to fraud. They also have extremely vigilant monitoring and restriction policies, which is why you’ll see almost every complaint against them is for holding funds. They also have very strict oversight and reporting requirements to the card associations. Implementing systems like these can cost million in registration and administrative fees, not to mention the millions that would be required to be held in the reserve account.

Here’s an unfortunate data breach that happened at a retail pizza restaurant. The business suffered a computer hack or some sort of data breach that resulted in customer’s credit cards being compromised and used fraudulently all over the world. The real shame is that PCI-DSS has been a Visa/MasterCard requirement for all businesses for nearly 4 years. I can empathize with this business but at this point there really no excuse for not taking PCI seriously. In a recent report from Verizon, they found that Restaurants were the most targeted business for hacking and data theft, with more than 50% of all attempts occurring. Thieves know that restaurants and small businesses are a great and very soft target and this isn’t likely to stop. At this point, there’s no excuse for not getting PCI compliant and not taking control over your data and business security.

MasterCard has alerted that some merchants have recently received fraudulent “MasterCard Security Alert” e-mail messages. These e-mails ask merchants to conduct payment card test transactions followed by a refund to a different payment card. These e-mails also instruct merchants to send the details of the transactions to an e-mail address not affiliated with MasterCard. This scam is being perpetrated by criminals in order to gain merchant transaction information so they can attempt to make fraudulent purchases and refunds using stolen payment card information.

If any business receives an unsolicited phone call, e-mail message, text message, or social media request from an individual claiming to be a MasterCard Security representative, do not to respond. Report the fraudulent inquiry to MasterCard using the following e-mail address: datasecurity@mastercard.com.