I thought that this was appropriate considering my latest post.

First Data recently released a program for high-risk businesses so they would not have to go to an offshore or 3rd party processor. Not all high-risk businesses can use this program, but it does allow some of the industries that were previously considered too risky, to process with First Data. Card Service International could take some of these businesses before, but now any ISO that has the ability to sign with the tier 2 program can service these businesses without referring them to CSI.

Businesses that can process with the tier 2 program:

• Adult Products/Merchandise-Not Unqualified (Non Graphic Images)
• Auction Houses
• Charities (other than well known events or causes which are Low Risk)
• Companion/Escort Services (Non-Adult)
• Coupons/Certificates
• Custom Made Items (Except Golf Clubs)
• **Dating Services (on-line, no Adult)
• Diet programs/vitamin sales/herbal remedies-Via MO/TO or Internet
• Discount Buying Clubs/Home Shopping Clubs
• Financial Aid/counseling/student loans/scholarship search services
• Financial Consultants
• Flea Markets (Defined as firms/individuals operating from a Booth, on a part time basis with no lease or telephone availability; whether indoors or outdoor)
• Fortune Tellers (Brick and Mortar)
• Fulfillment Centers (not Aggregators which are Unqualified)
• Gambling advice/Sports Forecasting or Odds making (unless audio or video text which require Visa Registration)
• Membership Clubs -Health and Sports (Extended Memberships)
• Import/Export (Non Mag Stripe or MO/TO)
• Investment Programs/ Opportunities/Seminars
• Pseudo-pharmaceuticals (anti-aging pills, Sex Nutrients, etc.)
• Real Estate Agents/Brokers engaged in vacation
• beach or ski home rentals.
• Seminars (including Real Estate)
• Shippers/Forwarding Brokers and Motor Freight Carriers
• Subscription Services (magazine, newspaper, newsletter).
• Telephone Services/Prepaid Cards
• Theatre/Concerts
• Ticket Brokers
• Timeshare
• Timeshare Advertising Services
• Travel Agents/Tour Operators
• Travel Clubs
• Water Filters/Purifiers
• Door to Door Sales

As I understand, not all First Data ISO’s are allowed to sign businesses on the tier 2 program. Also, these businesses will have to pay a slightly higher rate, but it should be very reasonable when compared to an offshore provider (~ + 10 – 20 basis points, and $.05 – $.10 above a standard rate).

These are the business types which are prohibited with most US processors. Some processors may allow a few of these assuming they have business history, but generally these businesses won’t be able to process with a US provider.

• All Sexually Oriented or Pornographic merchants including:
  • Adult Book Stores
  • Adult Telephone Conversations or video text
  • Companion/Escort Services/Dating Services
  • Massage Parlors
  • Topless bars/clubs
  • Modeling agencies
  • Misc entertainment (not elsewhere classified)
• Aggregators (third party payment processors)
• Audio/video text
• Airlines
• Cruise Lines
• Any Illegal products/services or any service or product providing peripheral support of illegal activities
• Auction Houses
• Bail Bondsmen
• Cellular Phone/Beepers (Services, not equipment)
• Chain Letters
• Charities (other than well known)
• Check Cashing
• Collection agencies or firms involved in recovering/collection past due receivables
• Credit Repair
• Credit Card Protection or Identity Theft Services
• Currency Exchanges
• Drug Paraphernalia
• Extended Warranty Companies
• Flea Markets (with no lease and phone availability) (Virtual terminal/Wireless consider High Risk)
• Fortune Tellers
• Merchants offering free gifts, prizes, sweepstakes or contests as an inducement to purchase a product/service
• Get Rich Quick Schemes
• Health Membership Clubs (Extended Memberships)
• Import/Export (Non Mag Stripe or MO/TO)
• Investment Programs/ Opportunities
• Non face-to-face pharmacy sales (non-institutional)
• Non face-to- face tobacco/cigarette sales
• Lotteries, Gambling, internet Gambling, contests or sweepstakes
• Sports forecasting or odds making
• Mortgage Reduction Services
• Taxi/Limousines (singletons) Virtual terminal/Wireless consider High Risk)
• Pseudo-pharmaceuticals (anti-aging, sex nutrients, etc.)
• Prepaid Cards/quasi cash
• Real Estate Seminars
• Shippers/forwarding Brokers
• Timeshare
• Travel Agents/Tour Operators/Travel Clubs
• Merchants engaged in Door to Door Sales
• Pyramid or multi-level marketing distribution
• Third party order fulfillment
• Merchants engaged in Outbound Telemarketing
• Infomercial merchants or other inbound telemarketers engaged in upsell
• Merchants offering rebates or special incentives

It’s been two years since I started writing this blog. It went through some very weak periods, especially in the beginning, but I’m happy to see it has come this far. I would like to thank all of the subscribers to this blog, and anyone else who occasionally stops by. I have received more than one email of praise and I’m glad that the information that I provide has been useful for a few people out there.

I will have to admit that the hardest part of blogging is maintaining any form of consistency which is blatantly obvious if you look at my topics or post dates.

If you have any suggestions for the future, or if there is any topic that you think should be addressed more / better please let me know. I have a few major ideas planned for the near future, but I’m always open to suggestions, and criticism.

Once again, thank you all for reading.

I just learned that Verifone is rumored to be planning on phasing out a lot of their current terminals, for technical reasons. Supposedly, by the beginning of next year it looks like we will be using an entirely different line of Verifone terminals.

Among those that are rumored to be going away are the Omni 3740, 3750, and the Nurit 8000. These will be replaced by the Verifone VX 570, and the Lipman Nurit 8200 / 8020 (?? – Not entirely sure on this one). The VX 610 still hasn’t gotten off the ground, and because of past performance, I think they will stick with another wireless terminal based on the Nurit line.

There hasn’t been any official release from Verifone about this, but if it plays out, Verifone will be scrambling to get processors to certify and support the newer terminals this fall. Additionally, I don’t think this will have any effect on current 3750 or 8000 users, as these terminals are still very new, and the impact would be huge on the current processing industry, if they stopped supporting these.

Overall, this is not bad news, since the price of the Omni’s and most other Verifone terminals recently went up, while the VX 570 stayed about the same. Anyway, be watching Verifone over the next few months to see if this actually plays out.

A few weeks ago Elastic Path published their Ecommerce Checkout Report which was a great breakdown of the online trends of the top 100 internet retailing websites.

One area that I found particularly interesting is that only about half of the top 100 online retailers require additional card verification (CVV2, CID, CVC, etc) information to be entered when a customer makes a purchase.

Card Code Verification is a basic fraud deterrent because the purchaser must have the card in hand, or have copied the entire number, expiration date and code from the back of the card to use it. It eliminates fraud from credit card skimming as the card verification code is not on the magnetic stripe and therefore cannot be used where CVV2 is required. It’s by no means a complete solution, nor is it acceptable as the only method of preventing fraud. It is a great tool, that costs nothing, and can save a business from a lot of unnecessary fraudulent orders.

So, why would the biggest online retailers not require this most basic information for orders that they accept.

The simple answer is money.

Conversion rates were measured to be 40% higher on the websites that were not requesting card verification information. 40% is a massive amount when you are averaging it across millions or billions in sales. I would imagine that a large well organized company would leverage whether the cost of fraud from not requiring CVV2 outweighs the cost in lost sales from requiring it. It is apparent than many businesses find it less costly to deal with any fraud that might occur from not using CVV2, than to take a hit in their conversion rate and require it. This is a completely irresponsible practice, but isn’t the least bit surprising.

So should you use CVV2?
First off, if your merchant contract states that you must use card verification on card-not-present transactions, then Yes. It is fairly common for processors to require this information, and if you’ve opened a merchant account in the past two years, there’s a good chance that it’s required with your account. You could risk getting your merchant account shut down for not using CVV2 if you’re processor requires it.

My personal recommendation for businesses who aren’t required to use it is also Yes. Especially for the case of small businesses where the cost of a few fraud related chargebacks can ruin a business. Additionally, it is much easier to fight most chargebacks when you have a valid CVV2 match. If you have a positive CVV2 response, it is proof in most cases that the person who made the purchase had the card in hand. CVV2 also is a proactive approach at helping consumers. If a person gets their card skimmed or the number gets stolen, their card cant be used anywhere that CVV2 is required. If a database with credit card numbers gets compromised, the cards cannot be used where CVV2 is required since CVV2 is never allowed to be stored by a business. Lastly, CVV2 actually works for international cards while AVS (Address Verification) does not. It is really the only built-in fraud prevention method that is internationally usable at this time.

Currently CVV2 is not required, but only because some older cards don’t have CVV2 numbers on them. As soon as every card does, it’s very likely that it will be required for all card-not-present transactions.

Even now, if everybody used CVV2 for their transactions, there wouldn’t be a huge conversion rate gap like this, card holders would be safer, and banks would eliminate some of the cost of fraud, which drives up credit card related prices for consumers and businesses alike.

Related:
Credit card verification numbers

This is probably the single most common question that I come across in discussion forums. Someones Paypal account gets frozen and they want to know what to do to get their account unfrozen and get their money back.

While I can’t do anything to get your money back, I have been in this situation more times than anyone I know and I have a bit of knowledge about how the system works. Prevention is always the best bet but sometimes account freezes are completely unexpected or unavoidable.

The first thing you need to realize is that Paypal freezes funds on the same grounds as Visa and Mastercard, and they can hold your funds for 180 days from the date of the transaction (Paypal will hold for 180 days from the date of your account freeze). Unless your funds are frozen for fraud or for some legal reason, you should get your money back after 180 days (worst case scenario). If you committed fraud, or obtained the money illegally, don’t count on getting any of it back, ever!

Why Paypal limit’s accounts:
Paypal is financially liable for funds that you accept, so if they feel your account may cause problems for them or other customers, they will freeze your account. Paypal has an automated system as well as a human managed system for fraud control. If they hold funds, it is because something with your account set off an alarm and either automatically or after human review, they decided that it is in Paypal’s or Paypal’s customer’s best interest to put a hold on your account. It nothing personal, and most of the time it was probably a computer that froze the account based on some fraud algorithm.

Some reasons an account may be frozen:

• Increase in transaction volume (IE: More Transactions).
• Increase in single transaction amount (IE: Larger Transaction).
• Increase in disputes from customers.
• Increase in refunds to your customers (with our without any disputes).
• If a certain percentage of your transactions are disputed over a period of time.
• If fraud was reported against your account.
• Logging-in from multiple IP addresses (* Speculation).
• Withdrawing over a certain threshold amount (** Speculation).

In my experience Paypal most often holds funds when a business processes many more transactions, or when they process much larger transactions that previously in their account. Also when a business sees an increase in disputes or refunds it is often an indication that something is not right. I have no idea of the thresholds that Paypal uses to freeze accounts or how often a human is the person who presses the button, but most of this goes along the lines of credit card processing risk management.

* – The IP address theory I have heard many times, but I have never seen anything official from Paypal. I also haven’t witnessed it on a US paypal account, so it may be an international problem, or a problem with people logging in from restricted or close-to restricted countries. I’ve heard three IP’s is what it is based on, but I’ve personally logged into more than one account from at least 20 IP’s and have never had any problem. The other thought which seems most likely is when an account is accessed in a completely different area than normal (IE: Login from Russia, when the business is in California).

** – My large withdrawal theory is based on the fact that I have had an account held three times on different accounts, and the hold occurred almost immediately after I made a large withdrawal from the account. My guess is that this threshold is at most $5,000 per day, which would be on par with some long standing Federal Reserve regulations. It is may be less than $5,000 or it may vary depending on your history, but I’m 99% sure that it does exist.

Now if your account gets frozen:
The first thing you will get is an email from paypal stating that your account has been frozen. You probably already get ten spam versions of these messages every day, so most likely you will actually learn that your account is frozen when you log-in one day. Anyway, when you log-in to your paypal account you will get a big nasty screen stating that your account has been frozen, and that you need to visit the resolution center to clear up the issue.

In the resolution center, you will have a list of the steps that you need to complete to get your account limitation lifted. You will also have a summary of what you can and cannot do with your account in a limited status. This status varies depending on why your account is being held, and for how long it has been on hold. As for requirements, Paypal will normally have you fax documents to them, and they may be additional steps that you have to do within paypal. The internal steps will normally be confirming a bank account, or credit card.

Commonly Requested Documentation:

• Proof of business existence (Utility bills, DBA registration, Tax license).
• Proof of shipping (Tracking Numbers).
• Proof of person (Drivers license, Social Security Card, Passport etc.).
• Proof of products (Normally your supplier’s name and phone number).

After you fax Paypal the information, you have to wait for their response. They will typically send you an email the next day stating that they received your information. You will receive another email a few days later stating the results. The email will either announce that your account limitation has been lifted, or that they are unable to lift the limitation. If you account remains frozen, they will either ask you to provide more information, or they will tell you to wait 180 days to get your money back. In either case you can call paypal directly and talk to a customer service rep. In most cases they won’t be able to do anything for you, but they may be able to give you other options if you don’t have some documentation that is requested. I can’t stress enough, not to act aggressively with whoever you email or talk to at Paypal. This is the same with any Risk Management situation, yelling at the person on the other end will guarantee a 180 day hold of your money. Yes you’re pissed, but be nice until they hold your money anyway, then complain away!

If you can provide all of the documentation that Paypal requests and you were not reported for fraud or illegal activity there is a good chance of getting your account freed-up. However, Paypal will not always unfreeze an account even if you are doing legitimate business and you provided them with the proper information. It’s unfortunate but is simply a risk of using Paypal at the current time.

Recommendation on not getting your account frozen:
Risk is all about consistency. You could be accepting a million dollars a month, and as long as your business was consistent, and you didn’t get a lot of returns, there wouldn’t be any problem. When changes occur, especially large changes, red flags go up all over the place. New accounts are also at a much higher risk of getting frozen, as most fraud occurs very quickly after an account is opened.

If you have an average transaction size of $50, you should probably expect your account to get frozen if you take $5,000 on a single transaction. The same thing goes for volume. If you consistently do $1,000 – $2,000 per month, and suddenly you start processing $50,000, you should expect your account to get frozen.

My advice is to slowly ramp up sales (This obviously isn’t always possible), and initially specify an amount in the estimated monthly volume and transaction size higher than what you actually expect to do. Make frequent lower amount withdrawals, and try not to keep a lot of money in your account. Be especially careful of making large withdrawals in a single day.

If you have any related experiences or comments, please feel free to share. However, this thread is not Flame Paypal, so any ‘Paypal Sucks’ or related comments will not be posted.

Visa announced some months plans to take their company public in late 2007 or early 2008. I get about four questions a day asking if I know when Visa is going to go public. Here is my update on Visa.

Although Visa has still not named a date for their IPO, they have formally started the IPO process.

On June 22, Visa’s CEO John Coghlan resigned, as Visa hired Hans Morris from Citigroup to be the president of Visa through the IPO. The restructuring of Visa will include combining of Visa USA, Visa Canada, and Visa International, while Visa Europe will remain an independent organization.

My thoughts on the IPO:
I can’t see there being any chance of Visa’s IPO happening in 2007, so I would put it a few months into 2008 (Feb – Apr). Unfortunately, I think that Visa shares are going to be impossible extremely difficult to obtain pre-IPO. Looking at the success of Mastercard’s IPO, the fact that MasterCard shares have quadrupled in the past year or so, and that Visa has a much stronger pre-IPO brand than MasterCard, getting shares is going to be hard. Your best bet, unless you have million to invest, is to get into an investment group that is planning on bidding on a big chunk of Visa stock. Hopefully you can secure a few shares for yourself before the price explodes a few hours after the IPO.

The IPO’s impact:
It’s still unclear exactly how Visa’s IPO is going to impact consumers or businesses. On one hand, Visa will be concerned about public appearance, but on the other they are going to become a profit hungry monster, with a hand already in everyone’s back pocket. The other certainty is that some major companies (Walmart possibly) are going to be purchasing Visa stake in bulk. This will not only be one of the largest IPO’s in history, but could be the widest impacting public offering ever.

If you want to know immediately when Visa announces their IPO date, sign-up for the Merchant Account Blog’s RSS Feed. I will be blogging about Visa’s IPO as soon as I get information on when it is going to happen, or other changes.

This is the list of routers that Verifone has tested to work with the Omni 3740 and 3750 with IP processing capabilities. These two terminals should work with just about any hardware, but these have been tested to work by Verifone, and are some of the more common hardware that small businesses are likely to use.

Dial Routers: (You probably won’t ever need one of these!):
SMC Barricade 7004ABR and 7004AWBR
3COM 3C886 and 3C888

Ethernet Routers (Wired):
D-link DI-604
Netgear 614V2
Linksys BEFSR41 and BEFSRX41
SMC Barricade 7004ABR
Cisco 813, SOHO91, 2500, 2600

Ethernet Routers (Wireless):
D-link DI-624
Netgear 813V2 and 813V3
Linksys BEFW1154, WRT54G, WAP11 (Access Point)
SMC Barricade 7004AWBR
Microsoft MN-700
2Wire Home Portal 1700HW
Sonic Wall TZ170 and TZW

Related Posts:
Verifone Omni Ethernet and IP Network Setup
Convert an Omni 3740 or 3750 for Ethernet Processing

A few weeks ago Arkansas passed a law that would cap merchant account termination fees to $50, or one month’s minimum charge.

Download Arkansas Act 911 ^.pdf

This law was passed un-democratically “quickly” as the Arkansas congress drafted, and passed it without any notice to media, processors, banks, citizens, or even merchants until the law was written.

As far as the law itself, it mainly requires processors to be transparent in the contract length, and any termination or other fees that would be incurred if a business closed their merchant account before the contract was ended. It ensures that merchants can read the contract because it goes as far as setting a minimum font size for the merchant application. The law does not provide any protection for businesses in leases, or other equipment related recurring fees or charges. It also only applies to businesses signing up after July 31, of this year.

Overall the fee transparency is something that a lot of ISO’s need to address better. Capping termination fees without any input from processors is completely unfair, even though termination fees are often excessive. The law is trying to help businesses from getting scammed but because of some poor editing, it isn’t going to do anything.

Here’s where they went and messed the whole thing up:

(d) The foregoing provisions of this chapter do not apply to:
   (1) A state bank or a state savings association that offers a credit card processing service;
   (2) A national bank or a national savings association as defined 31 in 12 U.S.C. 1813, as it existed on January 1, 2007, that offers a credit card processing service; or
   (3) The parent, affiliate, or subsidiary of any bank or savings association that offers a credit card processing service.

Well, they effectively voided out this entire document with #3. Since every legal ISO is an affiliate of a bank, this law no longer applies to anyone, unless they are somehow providing services illegally, in which case they probably have other things to worry about. Someone obviously was mad, in a hurry, and forgot to do their research because it doesn’t take much see the conflict.

I guess that’s what happens when you pass a law without any public notice or input.

If you are in the process of, or have applied to accept credit cards for your business at some point, there’s a good chance that you found or were found by several merchant service providers. And chances are you based a large part of your decision on who to process with, from the processing fee. The processing fee, while important, is the most overrated and overvalued fee that a business can pay attention to.

Here’s why…

The majority of businesses are only going to process a few thousand dollars per month. While most of us fantasize about doing millions of dollars in sales each month, it just simply wont be the case, ever. Because of this invisible cap on sales, and the fact that every decent merchant account provider is going to have a similar processing fee, you will pay about the same amount in processing fees no matter what company you process with. However, the other fees that are associated with your merchant account can tip the scale between affordable and a complete rip off.

Just to clarify before I go any further, I always recommend businesses not shop based solely on price. However, those fixed and extra little fees that you weren’t told about up-front, ignored because they were really small, or simply didn’t understand, are going to have a big affect on what you will actually pay to accept your customer’s cards. When those fees are hidden or not disclosed, it’s a pretty good sign that you found a company that you may not want to do business with.

And now the facts:

Let’s say a company processes twenty thousand dollars per month, with a volume two thousand transactions (Average sales of $10). The difference between 1.69% and 1.75% over $20,000 is only $12. Not really anything to call home about.

Now lets say the provider with the 1.69% rate is charging $.25 for each transaction while the other is charging $.20. That comes out to a difference of $100 per month, which is probably something worth considering. A difference of $.01 per transaction will have more affect on the monthly cost than .1% in processing fees.

In this case: 1.69% & $.25 = 2.19% & $.20.

The processing fee in the second scenario is over 75% higher, but the cost is the same as the perceived lower rate.

When you start to add in things like $.05 AVS fees that you didn’t know about (You mean they charge me for that, and it’s required?), maybe a Watts surcharge of $.05 (what the hell is that?), and maybe even some fee listed in the miscellaneous section for $.05 (run away now…), the extra cost adds up really fast. You don’t even need to take into account things like downgrade fees, which can double your monthly bill, to see that little fees can make a huge difference at the end of the month.

My advice to anyone looking to accept credit cards, or anyone looking to find a new processor, is to stop looking at the huge distraction called the processing fee, and look at everything else you will be paying. Your books will be far better for it, and you will truly find out what kind of company you are dealing with.