Information on Merchant Accounts,
Ecommerce and Credit Card Processing

September 18th, 2007 by Jamie Estep

Credit card terminal operation is not universal

Filed in: Credit Card Equipment |

When you purchase processing equipment online, or with a company that you do not process with, it sometimes does not have an overlay and usually doesn’t have product manuals that come with it. One of the biggest support requests that I see, are people looking for product manuals for terminals, and quick reference guides. Unlike most other products in existence, processing equipment manufacturer can rarely provide accurate operating manuals for their own equipment.

Most terminals do not have functions hard-encoded in their keys, meaning that when a terminal is used with different processors and with different business types, the keys change. This is the reason that there is often no quick reference manual available for operating a terminal. Most processors do have some sort of manual on how to operate different equipment, but these are largely depending on how common a business type is and how popular the specific terminal is.

When you need a quick reference manual or user guide for a terminal, the best place to check is with your current processor, since they will know who your back-end processor is, and exactly what manual you need.

An example of multiple uses for one terminal:

September 14th, 2007 by Jamie Estep

Credit Card Terminal Certification

Filed in: Credit Card Equipment |

If you work in the merchant services industry, you quickly learn that equipment manufacturers produce new equipment much faster than anyone is ready to use it. Many of the terminals and equipment never get picked up by processors and are lost in history.

From a business standpoint, it is fairly common for a new or potential customer to be asking about some new super terminal that they just read about. Most of the time these terminals are not properly certified with a particular processing bank, or they just aren’t available through any of the terminal wholesalers.

Before a terminal ever makes it to the hands of a business owner, several things must happen. First off, it must be certified with Visa and MasterCard, before is it ever looked at. This is usually done before the company even releases the terminal publicly. If it can’t get certified on this level, there’s no reason for anyone to know about it at all.

Secondly, the terminal must have some new desired feature or new technology before a processor will take the steps to support it. If the terminal does the exact same thing as every other terminal before it, there really isn’t any reason to switch to it. It usually has to offer some additional function that current terminals do not have, and customers want. Additionally, it is always good if it is replacing an aging terminal model, or replacing a terminal that is no longer technically competent or secure.

Terminals certification with a credit card processor is one of the biggest hurdles for a machine to become popular. Visa and MasterCard certification is something that every terminal will get before anyone outside the company ever hears about it, but processor certification is what ultimately decides whether a terminal will be used. Processors have to do a lot of work to support new terminals, and they do not certify new terminals easily.

Processor certification levels:

  • Level A – Fully certified and supported by the processor.
  • Level B – The equipment works with the processor, but the processor will not support any problems or troubleshooting.
  • Level C – The processor does not guarantee that the terminal will work on their platform, and will not support it in any way.

Level A, Level B, and Level C are the three certification levels that processors have, and unless a terminal is certified A, it will rarely be used anywhere. B+ is also common, and is the only non-A certification where a terminal may still be commonly used.

In theory, just about any terminal can be made to process with any processor (Putting proprietary terminals aside), but it takes a lot of testing to ensure the terminal works in many different situations. Since a terminal uses a different program for retail businesses, restaurants, gas stations, and any other type of business, a completely unique program must be built for each business type. Each of these programs must be tested and certified as well, which is why some terminals work with some processors with certain business types, while they don’t work at other processors for the same business type. The best bet is always to use the terminal that your processor recommends (Unless it is something that you just don’t need, or is proprietary!), because they most likely can provide the best support for that terminal.

When you need a new terminal don’t go for the newest thing out there unless it has some feature that no other terminal has, and you really need that feature. The tried-and-true terminals (Nurit 2085, Hypercom t7 plus, Omni 3200SE, etc.) have been very popular for a long time and are still very popular. These terminals are fast (enough), reliable, and cheap. For most small businesses they will be great terminals. Here’s a quick guide on what terminal to purchase when you do need a new one. The Omni 3750 is by far the best terminal for IP based processing. The Nurit 8020 GPRS is the best full-featured wireless terminal.

August 17th, 2007 by Jamie Estep

Independent sales agents looking for info

Filed in: Merchant Accounts |

I get a lot of sales agents that stop by the blog looking for general and specific information. Since this blog is written with the business owner in mind and not necessarily directly for the MLS agent, you may not find the information that you are looking for.

Here’s a few good information resources for independent salespersons:
MLS warriors forum
Greensheet forum
Card forum
Visa partner network
Visa :: Merchants
Mastercard :: Merchants

Also, the blogs and websites under the ‘Payment Processing’ section of the left navigation are good places to get information.

August 15th, 2007 by Jamie Estep

A Real Payment Directory

Filed in: Industry News, Merchant Accounts | 3 comments

I’ve been working on a new project for some time now, and it is finally complete enough to make public (still has a long way to go though). I started making a payment provider directory a few months ago and after integrating various ideas into it, I think it is finally going to be something worth the effort. All of the other payment services directories (BOTW, DMOZ, are terrible, and I hope to make this an authoritative, unbiased directory for processing services.

Basically, this payment directory is designed to list only real, registered payments related service providers. There is no bias to any company. This should help business owners that are trying to verify the validity of a company that they are looking at. It also has a visual feature on the front page that organizes different service providers in a hierarchical model. It’s the only visual model of processor relationships that I have ever seen, and it makes a lot of sense to me especially after seeing it come together. I don’t plan to have user reviews of any companies at this time, mainly to avoid the “this company sucks” reviews, which don’t provide a lot of value to most individuals.

Current Categories:
Registered ISO’s / MSP’s / Banks (Must be registered with Visa, Mastercard and a sponsor bank. Sales agents don’t count.)
1st Tier Payment Gateways (Co-branded payment gateways don’t count.)
Processing Equipment Manufacturers
Bankcard Attorneys (Must be an active member of a state Bar, and have experience in bankcard law)
PCI / SDP / CISP Security Services

Future Categories: (the spam potential is huge for these so I’m hesitant to add them)
Outside Sales Agents
Shopping Carts

There’s definitely some inaccuracies in relationships at this time, but I expect to work these out in the next few months. As more companies are added to the directory the visual model will become increasingly accurate. I have to give credit to smashing magazine, as their recent post on data visualization inspired me to apply it to the directory. Also, the data visualization code JsViz was used for the homepage which is pulled dynamically from the directory database.

I will admit upfront that the visual model is innaccurate in the sense that many ISO’s are registered with more than one processor. As a result, an actual visual model would look like a spiderweb rather than a snowflake.

So, if you get a chance, check out the payment directory. Contributions will be very appreciated, and please let me know if you find any incorrect information, or suggestions.

August 1st, 2007 by Jamie Estep to offer Paypal and Google Checkout competitor

Filed in: Industry News | 3 comments

Amazon is planning on extending their payment service to non-amazon payments in a system designed to compete with Google checkout and Paypal. Instead of adopting the features of just Google Checkout or Paypal, Amazon will use some of the features from both services.

This service is supposed to offer a simple integration method similar to Google checkout where visitors will be redirected to to finalize their purchases. Additionally, this service will act as a P2P transfer system between members.

Since has a huge base of businesses that sell on the website, this new payment service could become a major competitor for both Paypal and Google. Unlike Google, who has had difficulties in getting widespread adoption of the Google checkout system, Amazon already has the businesses to support a new system, and for many this new payment system would be quickly adopted. Ebay was the driving force behind paypal, and is definitely large enough to be a driving force behind their own payment system.

Originally reported on TechCrunch »

July 31st, 2007 by Jamie Estep

First Data’s tier 2 program for high-risk businesses

Filed in: Merchant Accounts | 2 comments

I thought that this was appropriate considering my latest post.

First Data recently released a program for high-risk businesses so they would not have to go to an offshore or 3rd party processor. Not all high-risk businesses can use this program, but it does allow some of the industries that were previously considered too risky, to process with First Data. Card Service International could take some of these businesses before, but now any ISO that has the ability to sign with the tier 2 program can service these businesses without referring them to CSI.

Businesses that can process with the tier 2 program:

  • Adult Products/Merchandise-Not Unqualified (Non Graphic Images)
  • Auction Houses
  • Charities (other than well known events or causes which are Low Risk)
  • Companion/Escort Services (Non-Adult)
  • Coupons/Certificates
  • Custom Made Items (Except Golf Clubs)
  • **Dating Services (on-line, no Adult)
  • Diet programs/vitamin sales/herbal remedies-Via MO/TO or Internet
  • Discount Buying Clubs/Home Shopping Clubs
  • Financial Aid/counseling/student loans/scholarship search services
  • Financial Consultants
  • Flea Markets (Defined as firms/individuals operating from a Booth, on a part time basis with no lease or telephone availability; whether indoors or outdoor)
  • Fortune Tellers (Brick and Mortar)
  • Fulfillment Centers (not Aggregators which are Unqualified)
  • Gambling advice/Sports Forecasting or Odds making (unless audio or video text which require Visa Registration)
  • Membership Clubs -Health and Sports (Extended Memberships)
  • Import/Export (Non Mag Stripe or MO/TO)
  • Investment Programs/ Opportunities/Seminars
  • Pseudo-pharmaceuticals (anti-aging pills, Sex Nutrients, etc.)
  • Real Estate Agents/Brokers engaged in vacation
  • beach or ski home rentals.
  • Seminars (including Real Estate)
  • Shippers/Forwarding Brokers and Motor Freight Carriers
  • Subscription Services (magazine, newspaper, newsletter).
  • Telephone Services/Prepaid Cards
  • Theatre/Concerts
  • Ticket Brokers
  • Timeshare
  • Timeshare Advertising Services
  • Travel Agents/Tour Operators
  • Travel Clubs
  • Water Filters/Purifiers
  • Door to Door Sales

As I understand, not all First Data ISO’s are allowed to sign businesses on the tier 2 program. Also, these businesses will have to pay a slightly higher rate, but it should be very reasonable when compared to an offshore provider (~ + 10 – 20 basis points, and $.05 – $.10 above a standard rate).

July 27th, 2007 by Jamie Estep

Prohibited Merchant Accounts

Filed in: Merchant Accounts |

These are the business types which are prohibited with most US processors. Some processors may allow a few of these assuming they have business history, but generally these businesses won’t be able to process with a US provider.

  • All Sexually Oriented or Pornographic merchants including:
    • Adult Book Stores
    • Adult Telephone Conversations or video text
    • Companion/Escort Services/Dating Services
    • Massage Parlors
    • Topless bars/clubs
    • Modeling agencies
    • Misc entertainment (not elsewhere classified)
  • Aggregators (third party payment processors)
  • Audio/video text
  • Airlines
  • Cruise Lines
  • Any Illegal products/services or any service or product providing peripheral support of illegal activities
  • Auction Houses
  • Bail Bondsmen
  • Cellular Phone/Beepers (Services, not equipment)
  • Chain Letters
  • Charities (other than well known)
  • Check Cashing
  • Collection agencies or firms involved in recovering/collection past due receivables
  • Credit Repair
  • Credit Card Protection or Identity Theft Services
  • Currency Exchanges
  • Drug Paraphernalia
  • Extended Warranty Companies
  • Flea Markets (with no lease and phone availability) (Virtual terminal/Wireless consider High Risk)
  • Fortune Tellers
  • Merchants offering free gifts, prizes, sweepstakes or contests as an inducement to purchase a product/service
  • Get Rich Quick Schemes
  • Health Membership Clubs (Extended Memberships)
  • Import/Export (Non Mag Stripe or MO/TO)
  • Investment Programs/ Opportunities
  • Non face-to-face pharmacy sales (non-institutional)
  • Non face-to- face tobacco/cigarette sales
  • Lotteries, Gambling, internet Gambling, contests or sweepstakes
  • Sports forecasting or odds making
  • Mortgage Reduction Services
  • Taxi/Limousines (singletons) Virtual terminal/Wireless consider High Risk)
  • Pseudo-pharmaceuticals (anti-aging, sex nutrients, etc.)
  • Prepaid Cards/quasi cash
  • Real Estate Seminars
  • Shippers/forwarding Brokers
  • Timeshare
  • Travel Agents/Tour Operators/Travel Clubs
  • Merchants engaged in Door to Door Sales
  • Pyramid or multi-level marketing distribution
  • Third party order fulfillment
  • Merchants engaged in Outbound Telemarketing
  • Infomercial merchants or other inbound telemarketers engaged in upsell
  • Merchants offering rebates or special incentives

July 26th, 2007 by Jamie Estep

Merchant Account Blog’s 2nd Anniversary

Filed in: Industry News |

It’s been two years since I started writing this blog. It went through some very weak periods, especially in the beginning, but I’m happy to see it has come this far. I would like to thank all of the subscribers to this blog, and anyone else who occasionally stops by. I have received more than one email of praise and I’m glad that the information that I provide has been useful for a few people out there.

I will have to admit that the hardest part of blogging is maintaining any form of consistency which is blatantly obvious if you look at my topics or post dates.

If you have any suggestions for the future, or if there is any topic that you think should be addressed more / better please let me know. I have a few major ideas planned for the near future, but I’m always open to suggestions, and criticism.

Once again, thank you all for reading.

July 19th, 2007 by Jamie Estep

Some Verifone terminals may be going away

Filed in: Credit Card Equipment | 2 comments

I just learned that Verifone is rumored to be planning on phasing out a lot of their current terminals, for technical reasons. Supposedly, by the beginning of next year it looks like we will be using an entirely different line of Verifone terminals.

Among those that are rumored to be going away are the Omni 3740, 3750, and the Nurit 8000. These will be replaced by the Verifone VX 570, and the Lipman Nurit 8200 / 8020 (?? – Not entirely sure on this one). The VX 610 still hasn’t gotten off the ground, and because of past performance, I think they will stick with another wireless terminal based on the Nurit line.

There hasn’t been any official release from Verifone about this, but if it plays out, Verifone will be scrambling to get processors to certify and support the newer terminals this fall. Additionally, I don’t think this will have any effect on current 3750 or 8000 users, as these terminals are still very new, and the impact would be huge on the current processing industry, if they stopped supporting these.

Overall, this is not bad news, since the price of the Omni’s and most other Verifone terminals recently went up, while the VX 570 stayed about the same. Anyway, be watching Verifone over the next few months to see if this actually plays out.

July 16th, 2007 by Jamie Estep

Only half of top ecommerce sites require Card Verification

Filed in: Merchant Accounts | 6 comments

A few weeks ago Elastic Path published their Ecommerce Checkout Report which was a great breakdown of the online trends of the top 100 internet retailing websites.

One area that I found particularly interesting is that only about half of the top 100 online retailers require additional card verification (CVV2, CID, CVC, etc) information to be entered when a customer makes a purchase.

CVV2 Credit Card

Card Code Verification is a basic fraud deterrent because the purchaser must have the card in hand, or have copied the entire number, expiration date and code from the back of the card to use it. It eliminates fraud from credit card skimming as the card verification code is not on the magnetic stripe and therefore cannot be used where CVV2 is required. It’s by no means a complete solution, nor is it acceptable as the only method of preventing fraud. It is a great tool, that costs nothing, and can save a business from a lot of unnecessary fraudulent orders.

So, why would the biggest online retailers not require this most basic information for orders that they accept.

The simple answer is money.

Conversion rates were measured to be 40% higher on the websites that were not requesting card verification information. 40% is a massive amount when you are averaging it across millions or billions in sales. I would imagine that a large well organized company would leverage whether the cost of fraud from not requiring CVV2 outweighs the cost in lost sales from requiring it. It is apparent than many businesses find it less costly to deal with any fraud that might occur from not using CVV2, than to take a hit in their conversion rate and require it. This is a completely irresponsible practice, but isn’t the least bit surprising.

So should you use CVV2?
First off, if your merchant contract states that you must use card verification on card-not-present transactions, then Yes. It is fairly common for processors to require this information, and if you’ve opened a merchant account in the past two years, there’s a good chance that it’s required with your account. You could risk getting your merchant account shut down for not using CVV2 if you’re processor requires it.

My personal recommendation for businesses who aren’t required to use it is also Yes. Especially for the case of small businesses where the cost of a few fraud related chargebacks can ruin a business. Additionally, it is much easier to fight most chargebacks when you have a valid CVV2 match. If you have a positive CVV2 response, it is proof in most cases that the person who made the purchase had the card in hand. CVV2 also is a proactive approach at helping consumers. If a person gets their card skimmed or the number gets stolen, their card cant be used anywhere that CVV2 is required. If a database with credit card numbers gets compromised, the cards cannot be used where CVV2 is required since CVV2 is never allowed to be stored by a business. Lastly, CVV2 actually works for international cards while AVS (Address Verification) does not. It is really the only built-in fraud prevention method that is internationally usable at this time.

Currently CVV2 is not required, but only because some older cards don’t have CVV2 numbers on them. As soon as every card does, it’s very likely that it will be required for all card-not-present transactions.

Even now, if everybody used CVV2 for their transactions, there wouldn’t be a huge conversion rate gap like this, card holders would be safer, and banks would eliminate some of the cost of fraud, which drives up credit card related prices for consumers and businesses alike.

Credit card verification numbers