Information on Merchant Accounts,
Ecommerce and Credit Card Processing

August 13th, 2010 by Jamie Estep

Paypal has nothing to worry about

Filed in: 3rd Party Processors, Merchant Accounts |

Paypal has long withstood scores of competitors, trying their hand at dethroning the king of online payments. It seems like every time a new payment service pops up, someone, myself included, once again brings up the end of Paypal question.

Just a few months ago, MasterCard announced they would open up their API’s to developers. Just before MasterCard, Visa purchased Cybersource, the company that owns and Google, 2 of the largest presences on the internet, have their own payment systems, priced identically to Paypal, already with millions of users. And yet, Paypal continues to dominate the alternative payment market. Just imagine if 4 of the largest, and most powerful companies on earth put your business in their cross-hairs…

So how is it that a company like Paypal can withstand competitors, despite their own fallacies, and still maintain near-unchecked dominance over online payments?

Let’s start at the beginning…

In the beginning there was eBay. eBay revolutionized online shopping and person-to-person sales, and not just on the internet. eBay was truly the first, very-successful, online auction and marketplace. No auction site to this day has even put a challenge to eBay’s huge user base. The primary competitors now, are Craigslist and, both operating on entirely different business models, and only 1 with their own payment system. In 2002 eBay purchased the already successful Paypal to replace their failing Billpoint service. Both were payment options that buyers and sellers could use for eBay transactions. Paypal at the time was beating eBay’s Billpoint in popularity, so the acquisition was obvious and well overdue. Eliminating all competition from eBay payments allowed Paypal to gain complete dominance over alternative payments. There were a few others out there, but since eBay was the place to sell stuff, and Paypal was virtually built-in, Paypal became the only choice. eBay’s structure has always made it difficult for traditional merchant accounts and payment gateways to be used, so Paypal was almost always chosen by businesses if not for any reason but convenience. All the while, Paypal continuously advanced on a second front which consisted of a simple shopping cart, customer invoicing and person-to-person payments. This allowed anyone to send and receive money from other people, and allowed just about anyone to sell products on a website. Through these 2 channels, Paypal quickly became the one and only online payment provider.

Paypal has also greatly expanded its website integration methods, allowing for very customized and efficient buying experiences, enticing large ecommerce sites to use them as well.

Paypal plagued with problems

Paypal as a service provider is not without problems. Since their inception, they have been plagued by their poor quality of customer service, virtually non-existent human support, and draconian risk management procedures.

Paypal has one of the poorest track records of customer service anywhere and I believe it rivals any company on earth. I can’t think of a single aspect of Paypal’s business that I haven’t heard major complaints about. Additionally, it’s not just the fact that Paypal has complaints, but the poor manner in which they address, or fail to address, their customer’s problems. There’s over 7,000 complaints with the BBB alone in the past 3 years. There’s millions of angry buyers and sellers that have lost money through Paypal, many of these while following Paypal’s policies to a T. To be quite honest, there’s probably few companies, that could survive with the amount of negative experiences and negative press as Paypal.

Many people, probably the majority, never have problems with Paypal, but many of those who do, often end up abandoning their service altogether.

Onto the answer

Paypal will continue to dominate payments despite complaints, problems, and time, for these reasons.

  1. They’re already accepted and used everywhere.
  2. They are available where merchant accounts are not.
  3. They offer P2P payments.
  4. There’s no other option!

They’re already accepted and used everywhere

Paypal’s user base is currently over 100 Million (the number of active accounts is substantially lower). With the sheer number of web users that have a paypal account, and the number of businesses that accept it, it is going to be a daunting task to try and move people away from it.

They are available where merchant accounts are not

As someone who runs a merchant account provider, I can tell you that Paypal has an enormous advantage in that they are not restricted to the people they can service. Paypal is available in most countries in the world. Merchant account provides and most processors are restricted to a few countries. There’s no contracts with Paypal, no terms, monthly fees or termination fees. Lastly, Paypal can facilitate Person to person payments. Merchant account providers cannot do this, neither in principle nor the actual mechanism to facilitate them.

There’s no other option

Realistically, until there’s a huge Paypal abandonment, there’s no other option than Paypal. Payment services are a consumer driven industry. Until consumers want to pay with something else, they will continue to use Paypal. The catch 22 is that merchants accept what their customers use for payment and consumers wont switch until merchants accept it.

For a quick example of how slow payment technologies move, just look at contactless payments. They’ve been around for many years yet only a small percentage of card holders have contactless cards, and an even smaller percentage of merchants accept it. Nothing I have seen in the past 5 years offers compelling evidence that contactless or smart cards or mobile or any other technology will make a move any time soon. There’s often a lot of press and noise on these new technologies, but very little actual implementation.

They offer P2P payments

Paypal offers P2P (person-to-person) payments, allowing any person with an email address to send money to another person. This has 2 competitive advantages. It first gives Paypal the massive user base that’s not restricted just to businesses. Second, it gives them an enormous cost advantage over merchant account providers. Since roughly 50% of Paypal’s payments are funded from an account and not a credit card, Paypal isn’t charged any fee for these. They do however charge the merchant the fee. When you put this into their own cost/revenue breakdown, it effectively reducing their internal cost by 50%.

Visa and MasterCard have made it so difficult to create the type of business (Called an aggregator or 3rd party processor), there’s little chance of anyone being able to successfully do it. Just try to find a relevant accurate guide on how to set up a payment aggregator or 3rd party processor. It doesn’t exist because it’s only been done a few times, and of those that have succeeded, even fewer have survived. In the research I’ve done and helped others with on this type of business, it would take tens of millions of dollars just to get established. A business like this would need to have an enormous user base or some very good reason to people to start using their service or they would simply fade away like the many that have tried.

Where the competitors are going wrong.

The key mistake that Visa, MasterCard, Google, and Amazon are making is that unless they can answer the P2P payment issue, they will never pose a real threat to Paypal. Paypal is just as innovative on everything from mobile payments to ecommerce as anyone out there. They created their X-platform and are opening it up to developers, which allows for very advanced development like 3rd part payments, aggregating, and mobile or retail integration. Visa and MasterCard have no chance by themselves, it’s absurd for them to think that their brand is important enough without the other issuers to make in this space. I can’t see all of the issuers joining forces to create a massive P2P payment system any time soon, not to mention they would have more antitrust lawsuits flying than has ever been seen.

Realistically, these Paypal challengers are only banking on Paypal’s poor customer service reputation to try and gain a market share, and Paypal users aren’t jumping ship.

I would say that right now, Google and Amazon are the only ones with a shot, and based on their user base, they have a good one. Aside from the lack of P2P payments, they are still failing in getting consumers to switch their payment systems, and until they do, they will not pose a real challenge.

August 3rd, 2010 by Jamie Estep

Merchant Account Blog’s 5 Year Anniversary

Filed in: Merchant Accounts |

I have been so busy the past few weeks that I didn’t notice that the merchant account blog’s 5 year anniversary just passed, July 27th. With several hundred posts related to merchant accounts it’s often difficult to find positive and informative topics to write about. However, with major changes in regulation, mobile, contact-less and alternative payments, I anticipate the next year to be eventful. I am also hoping to add guest bloggers as I’ve been getting increasing interest from other bloggers and business owners in making guest posts here.

Thanks to everyone who reads the blog, and to those who email me their questions, which is currently 5 – 10 non spam questions every day. I do apologize if I am unable to answer everything that gets sent to me, and I will do my best in the future.

As always, if you have any questions or suggestions, please let me know.


July 19th, 2010 by Jamie Estep

Credit card terminal timeline

Filed in: Credit Card Equipment | 1 comment

We’ve compiled a time-line history of credit card terminals in the US.

So far we’ve added most terminals from major manufacturers over the past 30 years, and more will be added as we figure out when they were released. It’s quite difficult to get information on the release of many terminals as most manufacturers don’t publish historical information such as this. This is especially difficult for many of the pre-2000 terminals.

Related posts:
Brief history of credit card terminals in the US

July 15th, 2010 by Jamie Estep

1 minute guide to PCI Compliance

Filed in: Merchant Accounts |

PCI-DSS has been around for several years now, and ignorance is less tolerated when it comes to data security. In case you are just learning about PCI, here’s the 1 minute breakdown on PCI compliance.

  1. PCI is a security framework created to help prevent/curb the loss of credit card data. It covers some of the more basic aspects of data security, but is not security itself.
    PCI compliance ≠ Security
  2. If you accept credit cards, you must be PCI compliant. No ifs, ands, or buts.
  3. Most data breaches occur at small to medium size retail businesses. You are a soft target and thieves know it! This is especially true if you have a POS computer system.
  4. Being PCI compliant does not remove liability in case you still suffer a data breach. It “may” reduce or eliminate fines but will not eliminate actual costs resulting from a data breach.
  5. With respect to the actual process, gaining PCI compliance requires you to fill out a self assessment questionnaire (SAQ), and scan your networks periodically using an approved scanning vendor (ASV). Your exact requirements depend on which PCI level your business is.
  6. You can find a list of ASV’s here. Most ASV’s can also assist in helping you fill out the correct SAQ.
  7. If you are doing it yourself, you can get the SAQ here.
  8. If you store credit card numbers electronically, you must fill out SAQ – D. Have fun…
  9. If you are PCI compliant, it does not mean that your networks and data are secure. Security is something that requires constant administration and vigilance, and requires far more than what PCI outlines.
  10. If you don’t have the ability or expertise to be secure, hire or outsource to someone that does.

July 9th, 2010 by Jamie Estep

Dejavoo credit card terminals

Filed in: Credit Card Equipment, Merchant Accounts, Review | 1 comment

In the US, there are 2 credit card equipment manufacturers that basically own the entire terminal market, Verifone and Hypercom. Lipman USA is another major player however, Verifone purchased Lipman several years ago effectively creating 2 major brands. Another major company Ingenico, has a larger global presence, but their usage in the US in minimal at least in the independent sales markets.

A few years ago a new terminal company named Dejavoo was established. Dejavoo was founded by the original founder of Lipman USA, and seems to be founded on the same principles that Lipman was:  rock-solid products that are easy to use and very reliable. In my opinion Lipman’s Nurit 2085 is the most reliable and best land-line terminal to date. It isn’t very small, and it doesn’t look particularly classy, but it works well, it’s cheap, and it’s easy to use. Having watched the reliability of credit card terminals diminish over the past 10 years, I would love to see a highly-reliable brand emerge. Since the terminal market is monopolized by a few behemoths, it’s equally good to see a new competitor with a strong history of success in this specific industry.

Dejavoo currently offers several terminals which should meet the requirements of most merchants, whether retail or mobile. One of the coolest  things about the Dejavoo terminals, is that they all (except the C5 and M3) support a USB WiFi adapter, allowing a merchant with a secure WiFi network to eliminate an extra cord on their counter-top.

All Dejavoo terminals have quick thermal printers, and have internal PINpads. Dejavoo terminals meet the newer PCI-PED requirements for PINpads. Lastly, all Dejavoo terminals are at the lower end, if not the lowest, of cost for comparable terminals from other manufacturers.

Wired Dejavoo Terminals

Dejavoo C5 – The C5 is the entry level terminal from Dejavoo. It is dial only, and does not support USB components like the X series. It is the lowest cost terminal from Dejavoo. It is PCI certified and would be a comparable replacement for Nurit 2085, Hypercom T7 Plus, and similar products. The C5 looks to be the most durable of the Dejavoo terminals, and is slightly larger than the X or M lines. Most merchants will probably want the additional features of the X line, as the entry X5 terminal is a significant improvement to the C5 without a significant price increase.

Dejavoo X5 – The X5 is the first terminal in the X-line. It uses a custom Linux operating system, dual processors, and supports USB peripherals including the USB WiFi adapter. It features a compact, well styled design, and supports a multitude of features all for a low price. It is a dial-only terminal, but has more memory than current Verifone or Hypercom terminals. It is PCI compliant, and features a smart card reader and internal PINpad.

Dejavoo X8 – The X8 is almost the same as the X5 except that it supports processing over an 10/100 IP/Ethernet connection in addition to a dial-connection, and has an additional USB port. It is currently the lowest cost Ethernet terminal that we know of, just edging out the Hypercom T4220.

Wireless Dejavoo Terminals

Dejavoo M3, M5 and M8

The Dejavoo M series, are PCI certified, GPRS, wireless terminals. They are all based on the same M3 platform. The M5 has a base which includes a charging station. The M8 includes a base with an Ethernet port. The M5 and the M8 support the WiFi module, but the M3 does not.

The GPRS wireless network is normally used with ATT Wireless and is currently the most used network for credit card processing. So far I have not heard of development on the CDMA networks which would include Verizon and Sprint, but I imagine that there are plans in the future.

The M series terminals all include internal PINpads and thermal printers. They are compact, and use the same dual-processor system as the X terminals. Like X terminals, M series terminals accept normal credit cards as well as smart cards. The M series terminals aren’t the most elegant terminals out there, but it looks like Dejavoo traded fashion for a more robust and durable platform, which is far more important for wireless terminals.

Dejavoo WiFi Module

The Dejavoo WiFi module is an inexpensive USB WiFi stick that allows most Dejavoo terminals to process on a secure WiFi network. It theoretically works with the M3, M5, X5 and X8 terminals (We’ve personally only tested it with the X8, but Dejavoo has assured us that it works with the rest). We’ve been playing with one for the past week and despite some minor issues in initially getting the connection to work, it seems like this is the best only WiFi processing option available. The Verifone VX 610 is completely unusable because it’s support for WPA security is horrendous. The VX 670 is equally bad because it requires an expensive base, pushing the price above $800.

A note on wireless security and processing – WEP security is completely prohibited by PCI so do not under any circumstance use WEP or a non-secure connection to process using WiFi. Businesses should use WPA or WPA2 preferable and use a strong password like “4p%n&1GiJF$*nK8n”.


Based on our initial experience with Dejavoo terminals, they look to be the most promising brand of terminals we’ve seen in a long time, especially with regard to their wireless M-series wireless terminals. Several processors have made Dejavoo their preferred brand. I would like to see their performance over the next year or two before making a commitment. In any case, if I were Verifone or Hypercom, I would probably be concerned.  The Dejavoo terminals appear to be superior to both brands in just about every way including price, and only time will tell if they live up to their founder’s reputation.

June 17th, 2010 by Jamie Estep

Debit Interchange Regulation is Already Going to Hurt Consumers

Filed in: Industry News |

About a week ago, the US Government passed financial reform bills that included regulating debit card fees and regulating merchant’s ability to surcharge or set minimum and maximum purchase amounts. What congress has never look at is the repercussions of regulating something like interchange, even if it’s just for debit. Recent events have shown us a glimpse at the future of debit cards.

I read a great article about Durbin’s amendment in which I found out that free checking accounts were virtually non-existent before the invention of signature (or offline) debit. Signature debit is where a merchant processes a debit card like a credit card without requiring a PIN number. With the invention of signature debit, banks had a steady source of income from debit interchange that was directly attached to their customer’s bank accounts. With this additional income, came the invention of the free checking account. Right now most consumers and small businesses use free checking accounts, which are partially subsidized by fees the bank receives from signature debit interchange. These fees also help pay for chargeback investigations, and help pay for account features that you would have had to pay for before there were free checking accounts.

Now that congress is capping debit interchange, we can expect changes with regard to free checking account practices. Since these accounts can no longer be subsidized by signature debit interchange, banks are going to have create monthly fees for checking accounts. Chargeback investigations also cost banks huge amounts, so we can expect further fees will be charged to cover the additional costs for these. Right now, BOFA and others have announced that they plan on charging fees for checking accounts once the new regulations go into effect. Goodbye, free checking…

What I think is the biggest flaw to the debit regulation, and of much greater significance in the overall picture, is the double standard that congress has proposed. The law limits the amount banks can charge for debit interchange. At the same time, it exempts financial institutions with less than $10B in assets in attempt to help these smaller institutions out, but at the same time allows merchant to discriminate against types of payment at their discretion. A thoughtful move, but because of the second part it will have a near 100% opposite effect than planned.

Merchants will now inherently be more inclined to, and be allowed to, accept debit cards with the lower rates, which will be the big bank’s cards! Instead of helping credit unions and small banks, congress instead created the perfect avenue to put them out of the debit card picture. While it’s unrealistic to assume that the smaller banks will not be issuing debit cards at all, it is completely reasonable to assume that retailers (especially the large ones) will favor and may only accept cards from large banks that they pay less for. We’ll start seeing signs like only Bank of America debit cards are accepted here, and congress not only made it completely legal for merchants to do this, but they created the system to facilitate it!

With one swipe the future shows the end of free checking accounts, and the end of credit union’s issuing their own debit cards.

I’ll readily admit that I am partial when it comes to regulation of my industry, but how could congress have created something so blatantly damaging to credit unions and small banks in the US. As soon as the credit unions learned about the details of the rules , they began lobbying. However, the wording and details were published after the rules were passed, so to stop it now is more a prayer than anything else. It doesn’t take an expert to know that large retailers follow the savings, just like consumers…

June 9th, 2010 by Jamie Estep

The myth of bankcard deposit reconciliation

Filed in: Amex / Discover, Merchant Accounts | 3 comments

I am often asked on how to reconcile bankcard settlements (batches) to the money coming into a bank account. While a seemingly simple theory, as most accountants and anyone who has tried to match up settlements to deposits know, it’s far from easy.

In a perfect world we would see our settlement report at the end of the day, and a day or two later would see the exact same amount deposited into our bank account. In reality, we see our settlement report at the end of the day, and then we see absolutely no resemblance of it in our bank account, at any point, ever! The exception may be if you run a single transaction per day. The more transactions you process, the less your deposits will reconcile.

Why reconciling is often difficult…

Issuers don’t settle together

This is becoming less of a problem as Discover and Amex are starting to settle with Visa and MasterCard, but it still exists with many accounts, probably still the majority. Since Amex and Discover historically operated on completely different networks, and completely different financial systems, they would never settle directly with Visa and MasterCard. While one shouldn’t expect an Amex deposit to be labeled the same as Visa/MC deposits, it’s still difficult to add the correct deposits together. This is mainly because Amex and Discover often take longer to be settled and deposited than Visa/MC. Your Visa/MC transaction may be in your bank in 48 hours, but your Amex may take a week. When your business’s bank account has hundreds of deposits and withdrawals like most do, it’s extremely difficult to match the correct deposits with the corresponding settlements.

You accept PIN-debit, fleet and/or other proprietary cards

The more types of cards you accept, the more unlikely your batches are to reconcile with your deposits. Everything from PIN debit, fleet and gas cards, JCB, Diners, EBT cards, to gift cards and anything other than a typical Visa or Master credit card requires different processing systems and networks to handle the transaction settlement. It’s rare that any of these follow the same protocols as Visa/MC which means the deposits don’t come in same deposit or even at the same time.

Settlement times

When you accept a credit card it must be settled at the end of the day. The method that your transaction are settled depends on how you are processing cards. You may be manually batching your terminal, you may have a terminal with auto-batch, or you may have a gateway that batches for you, and each of these methods can present different opportunities for something to get messed up or out of sync when settling. Once batched, these transactions are queued up to be settled and paid with the card issuer.

The problem, is that it’s fairly easy to end up with settlement time mismatches. You could batch at 3PM, and your platform could batch at 2:30, this would add a day to your deposit time. You may have some complicated setup on the back-end that involves multiple systems settling your transactions, and again if there is some mismatch, transactions can get pushed back. Some systems settle multiple times per day but give you a single report at the end of it. It’s even possible that some transactions get split between batches if there are time-mismatches somewhere in on the back-end. This is a nightmare to try and identify, let alone understand what is happening.

Since very few systems have been built from the ground up, many of these systems, which neither you nor your processor have any control over, are complicated and antiquated. Processing networks are often many layers of systems tied together to provide the functionality needed. This complexity can create virtual bottlenecks which can make a mess of settlement times.

Your pricing may be the real reason

There are several types of pricing structures, in reference to how and when your fees are taken out at the end of the month that are commonly used with merchant accounts. The primary 2 are daily and monthly discounting. If you are on daily discounting, your qualified percentage and transaction fee are subtracted from your deposits every day. At the end of the month, your surcharges (mid and non qualified transaction) are billed to your account. This makes the end of month bill substantially easier to swallow, but guarantees that deposits will never match settlement reports. Monthly discounting on the other hand, is where all of your fees are withdrawn at the end of the month. If you want any chance of reconciling to the dollar, you must be on monthly discounting. However, many businesses will not qualify for monthly discounting as your processor is taking a gamble in the event you do not have the money available at the end of the month. This has become much more common over the past 2 years. If you are a new business or if you have ever had an ACH reject or NSF when your processor tried to collect your fees, you should expect to be on daily discounting, at least until you can establish better processing history. If you are an existing business without ACH rejects or any major risk factor, you should be able to get your processor to put your account on monthly discounting. Keep in mind, if your account does not have the available funds in it at the end of the month, you will be quickly switched to daily discounting.

Is there any fix?

Reconciling can be expected to become easier as issuers and different card types begin to settle with Visa and MasterCard, but it’s going to be a lengthy migration. If you accept fleet cards, or some of the non-bankcard types, it’s unlikely that these will ever be deposited with your normal transactions.

If you understand the type of transactions you are accepting, whether your Discover and/or Amex transactions settle with your Visa/MC ones, the amount of time that it takes for your batches to hit your bank, and you are processing on monthly discounting, it is possible to get your transactions to reconcile, or mostly reconcile. If you end up running into a situation where back-end systems are causing the problems, it’s unlikely you will be able to easily remedy the situation. Depending on what type of terminal, POS system or software you are using, there may be no other option than to continue processing without an easy ability to reconcile your transactions

June 8th, 2010 by Jamie Estep

Payment Resources

Filed in: Merchant Accounts | 1 comment

Here is a list of the payment related resources I read on a regular basis. If you’re looking for good payments, merchant account and data security resources, these are some good ones. If you have any recommendations, please feel free to post them up. I’m always looking to add to my list of regular payment reading.

Federal Reserve Payment Board
Payment News
Visa Partner Network

Amazon Payment Blog
Anceace’s Blog
Andy Orrock | Payment Systems
Ask About PCI
Anton Chuvakin Blog
Broox Peterson
Credit Cards Online 101
Digital Money Blog
Google Checkout Blog
Info Law Group
Network Security Blog
Payment Card Security & IT Controls Explained
Payment Systems Blog
Payment Talk
The Paypal Blog
Retail Information Security
Storefront Backtalk
TransFs | Financially Speaking

June 7th, 2010 by Jamie Estep

VOIP + Credit Card Terminal = Bad Idea

Filed in: Merchant Accounts | 1 comment

I’ve heard an alarming trend from a number of sources about how to hook up a credit card terminal to a VOIP (Voice Over Internet Protocol) telephone system. Several of the examples I’ve seen probably worked as well, so let’s get right to the point.

Do not connect your dial-up credit card terminal to a VOIP connection!

Even if you get this to properly work, which is apparently possible using an analog adapter, you are now violating a number of PCI regulations regarding data security. When you process using a dial-up connection, the data transmission is not encrypted. Since the transaction is going over a phone network which operates differently, with regards to security, than internet, it’s OK by PCI and issuer data security standards (Whether the existing security is enough, is another debate). When you put that terminal on a VOIP connection, you are now transmitting unencrypted data directly over the internet.

Encrypt transmission of cardholder data across open, public networks

Do not do this, do not try to do this, and do not let your cable or other internet provider tell you that it’s safe and secure. I’ve heard of both Time Warner and ATT service reps telling customers that it is perfectly secure to do this. It’s not. Same thing goes for Magic Jack, Vonage, Packet 8, Comcast, or any other VOIP provider out there.

There is almost no way to encrypt data from your terminal over the internet unless your terminal supports end-to-end encryption, which realistically barely exists as of yet, or you have some extremely fancy and expensive telecom equipment. You would certainly know if you fall into this category.

If you have a VOIP only connection, you need to purchase an Ethernet compatible terminal, like a Verifone VX570 or VX510 (Dual Comm), Nurit 8400 (Dual Comm) or a Hypercom T4220. The T4220 and VX510 are the lowest cost out of this group. Get your new terminal programmed to connect over the internet by your processor. Connect your Ethernet terminal to a spare port on your Ethernet switch, hub or router.

Don’t try to get your dial-up terminal to work over VOIP even though it may be possible.

June 3rd, 2010 by Jamie Estep

Fraud as a Service

Filed in: Fraud, Industry News |

First Data published an incredible paperPDF regarding the sophistication of electronic fraud. I highly recommend taking a look at it for anyone in the payments or IT industries, and anyone interested in learning about how advanced and organized cyber-crime has become.

More than any resource I’ve seen before it, this paper gives a clear and easy to understand description of the current state of electronic crime.