Heartland payment systems today has been reported to have been victim to one of the largest credit card data breaches in history.

Heartland discovered malicious software that was recording credit card information as it was being sent to heartland for processing. Heartland processes roughly 100 millions transactions per month, for 250,000 US businesses.

The data stolen includes the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards. Armed with this data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards.

Right now it is currently unknown how much data has been collected, how/if it has been used, or how long the malicious software was recording information. The current largest data breach in history was about 45 million card number by TJX (TJ Max and Marshals) which cost the retailer almost $2 Billion dollars. Depending on how much data was lost, this breach could surpass the cost of the TJX breach.

I’ve been reading comments on various blogs and new sites on the internet and so far there is a lot of backlash and anger from consumers and businesses. We’ll see in the near future how this breach will affect Heartland, but it seems safe to assume that this will be an extremely costly event for one of America’s largest ISO’s.

***UPDATE***

http://www.nytimes.com/2009/01/21/technology/21breach.html?_r=1&emc=tnt&tntemail0=y

The software on the Heartland’s network was installed as early as May. Based on the volume of transactions, as many as 600 million card numbers were potentially vulnerable, although the actual number stolen was likely less than this. With that sort of exposure, and the sheer number of merchants that process with heartland, it’s not impossible that every single card holder in the US was exposed in this data breach.

During a recession or a downturn in the country’s economy, we typically see the unemployment rate go up. In the current situation, the unemployment rate has gone up a lot.

One of the few good things that comes from unemployment, is that it creates situations that allow new businesses to start up. What better motivation to start your own business than getting laid off?

One of the interesting facts about the credit card processing industry, is that we generally see an increase in new businesses during an economic downturn, especially when it involves a lot of lay offs and lost jobs.

This is blatantly apparent when comparing Google’s trend graph for the term “Merchant Account” to the S&P500 Index. The increase in searches for merchant account is a delayed inverse to the crash in stock price, which in this case is a good indicator of the country’s economy.

This is a positive trend to me, because it’s apparent that people are still getting out there and trying to open their own businesses. Financing is a major hurdle right now, but there are signs that we will see an increase of new businesses in the months to come. Real-estate is cheap, competition is evaporating, and those businesses who can get established in a difficult economy should excel when things do pick up again.

Here’s a little comparison on how a business’s average sale size affects their processing cost.

If a business processes $10,000 per month, here is how the business’s ticket size affects their overall cost.

If you have a low average ticket, it is more important to have a low transaction fee than a low processing rate. Conversely, if your average sale amount is greater than about $80, the transaction fee becomes almost negligible.

Knowing how your average ticket size affects your overall cost is extremely important when looking for a merchant account provider. Not knowing how this affects your fees, will undoubtedly cost your business extra. This is yet another reason why shopping for the lowest advertised cost is a good way to get a bad deal.

Related Posts:
The processing fee is the least important one on your application!

We’ve spent a few days updating our calculators on our main website. The new version work much better than the previous versions. We are also in the process of adding fee comparison calculators for 3 tier and pass-through merchant account fees.

Current calculators:
Simple merchant account cost calculator
Advanced cost calculator
Lease cost calculator

Until now, Google Checkout merchants who advertise on Google’s Adwords platform, have received credit for use toward Google Checkout fees they incur. However, due to Google tightening financials, Google Checkout is no longer free or even reduced for Adwords users. Un-Google like, they didn’t even notify current Google Checkout users prior to dumping the Adwords credit system in December. By doing this, all of the December holiday Google Checkout sales paid fees for the service.

Now, the question in the near future is whether Google Checkout can really stand on it’s own.

Google claims that there are enough consumers using and preferring Google Checkout, the system no longer needs to operate as a loss leader to function.

“Why have it as a loss leader if it’s doing OK?” he said. “We saw very healthy results after we decided to charge for the service.”

I think that Google Checkout is going to have a tough time keeping support without offering incentives for retailers to use it. We saw a massive drop when they stopped giving consumers incentives to use it. It simply doesn’t have the consumer support to make it sustainable for the merchants using it. In the past six months or so there’s been speculation of Google dropping the Google Checkout program. This may simply be Google way of letting the program die, especially since this change was never properly announced.

With Paypal stronger than ever and the emergence of Amazon’s payment service, Google Checkout will most likely need to find some new way to garner additional support, or be lost in the history of internet failures.

2008 will end as one of the most dreadful business years in history. Most business will continue with tough time in the coming months. I can only hope that jobs open up, business picks up, and our economy begins to make some sort of rebound.

I do believe that we will be looking at a different landscape when our economy eventually comes around. One thing is for certain, the credit and banking industries are going to look very different by the end of 2009.

Card issuers:

Card issuers are looking to go through some huge changes, maybe the biggest and quickest changes since the invention of the credit card.

Issuing is going to tighten up a lot. We can likely expect a surge in fees, and a reduction in rewards card programs. Add this to increased underwriting scrutiny, and a new FICO scoring system and we end up with a very volatile card issuing system. It’s going to be harder to get a credit card and they’re going to have more fees and less rewards than we’re all used to.

Card processors:

Credit card processors are just now beginning to feel the strain of the down-turned economy. The ones hit hardest are those with the highest attrition and ones that rely on continued new businesses. Processors who went for the lowest bid are seeing massive attrition, and reduction in income. We’re starting to see across-the-board business closures and greatly decreased sales volumes. This creates a very uncertain future for many companies that handle merchant accounts for millions of businesses in the US. In addition, there is the looming congressional credit card interchange regulation bills. Processors do not neatly fall into any category being regulated, so there is a lot of uncertainty in what’s going to happen if the bills are passed.

Businesses:

Not only are we seeing an increase in business closures, but we’re seeing a reduction in new businesses. Typically during a recessionary period, new businesses are started due to opportunities created by layoffs, pay cuts, and other reductions. Unfortunately, this is not yet the case, and new business start-ups are at an all time low. Even successful business are feeling the strain of reduced consumer spending. On the bright side, the extremely low gas prices are helping, but this is most likely temporary, as gas will eventually rebound.

It’s never to late to optimize your operations, reduce costs and debt, but always continue to market and find new ways to gain new customers, and keep the ones you already have.

Consumers:

Consumers are feeling the strain of reduced bank lending, and the reduction of available credit. When the new FICO system comes into affect, this credit reduction has the potential to destroy people’s good credit, since the new system relies very heavily on available/used balance ratios. This holiday has shown us just how bad things have gotten, just today consumer confidence ratings were recorded at an all time low.

The future

While I’m sure that we will come out of this slump, I fear that we have not yet seen the worst of it. My best wishes go out to anyone having a tough time right now, especially those who have been lay-ed off, lost their home, and those undergoing other very difficult circumstances. Things will get better, and many opportunities will come from our current situation, but if you’re waiting for one to come around, you may be waiting for a long time. We all need to continue to push forward, find and create our own opportunities, and help those around us that are experiencing difficulties.

Have a new year!

We just got a sneak peak at the new way5000 wireless terminal.

Way Systems created their own terminal instead of using a re-manufactured Siemens phone. While they technologically regressed in some areas, they made a better product that works for what it is designed to do, process credit cards. By designing from the ground up they were able to use a single keypad for PIN debit processing (Their old models had 2 keypads due to encryption requirements). New features include the ability to add additional processing applications. Once certified, the terminal will support check services and gift cards through some select 3rd party providers. There are also no longer any log in/out requirements to use the terminal, and it has the ability to install new firmware when it becomes available. The new terminal still works with existing Way Systems infrared printers, and can now be charged through a mini-USB port. It is now supported by Apriva and eProcessing Network which allows it to be used with just about every US processor.

This terminal should be available early 2009, and should be a vast improvement to existing Way Systems 1581 terminals. If you were looking at purchasing a Way terminal, it would probably be better to wait for the way5000. We expect it to be about the same price as the 1581.

You can purchase the way5000 terminal from our main website.

Just yesterday, I wrote about the increasing number of non-compliance PCI charges that processors are passing down to their customers. A few months ago several processors started adding monthly PCI compliance fees to their customer’s bill. We’ll, the PCI fees are getting a lot worse!

I reviewed a potential customer’s statement today and they had a $500 PCI non-compliance fee on it, which is by far the largest I have seen to date. Needless to say they were very upset.

Get Compliant:

It appears that these non-compliance fees are going to get much worse, very quickly. We’re getting a lot of pressure from sponsoring banks to impose similar fees, and so far we’ve been able to avoid them.

The point is, these fess are going to be the standard in the near future. If you’re not PCI compliant now, it’s time to look into it before your processor tacks a $500 fee on your monthly bill.

PCI-DSS is required for all US businesses that accept credit cards. For some businesses, there will be no additional cost for becoming compliant. For businesses the process online, or ones storing data, scanning can cost as low as $50 per year, which is a far cry from $500. Security is however, a lot more than just filling out a survey and scanning a server 4 times a year, as requires by PCI-DSS. Whatever the case, PCI-DSS is required by all card issuers, and needs to be adopted. I’m not going to argue whether PCI is fair for some of the businesses out there, but data needs to be secure for every business.

For PCI-DSS Compliance, Start Here: https://www.pcisecuritystandards.org/

CVV or card verification, (also known as CVV2, CVC2, CID) is that small 3 or 4 digit number on the back of your credit card (front for AMEX) that is not encoded on the magnetic stripe, and is designed to help prevent fraud.

CVV offers a little protection against fraud, but nonetheless should be used whenever possible.

(more…)

Due to the new PCI regulations affecting processing equipment manufacturers, Verifone is adding an across the board fee of about $10 for every terminal that they distribute. This means that processors and resellers will most likely be passing that cost on to their customers, so everyone can expect all Verifone terminals to be more expensive in the very near future.

Verifone is the second largest processing equipment manufacturer in the world, and their rivals Hypercom and Ingenico, have not made any moves to increase prices. Although this is only about a 5% price increase, I think that this will severely hurt Verifone’s reputation among banks and processors. Since banks and processors decide which terminals they make available to their customers, this could move to the point that Hypercom and Ingenico gain major ground on the US credit card terminal market. Hypercom’s most recent terminal line, is extremely competitive, and Verifone may have just opened the door for them to make a move.

Verifone’s stock has lost roughly 80% of it’s value since this time last year, while Hypercom has kept loses below 70%. I think this is a poor manner to handle a difficult situation. Verifone would have received a much better response by increasing the prices of their equipment instead of adding a fee to each one being sold. Sometimes the presentation is more important than the action, and I think that this may end up being one of those times.