Information on Merchant Accounts,
Ecommerce and Credit Card Processing

June 12th, 2007 by Jamie Estep

Verifone must be sick of competing with themselves

Filed in: Industry News | 1 comment

I just got word that Verifone is making an industry wide increase on prices on many of the popular terminals that they offer.

My guess is that Verifone is tired of competing with themselves and is only making this increase because there is no competition that can stand up against them. Since Verifone owns Lipman as well, they have a complete dominance over the entire processing equipment market. Raising their price is a smart move for them because almost all equipment being used is theirs. It also sucks for business owners and equipment resellers as many terminals are going to nearly double in price.

Terminals that are going to go up in price in the next few months:

  • Omni 3200SE
  • Omni 3740 Dual Comm
  • Omni 3750 Dual Comm
  • Omni 3730/3730LE
  • VX 570/VX 570LE
  • VX 610
  • Nurit 8320
  • Nurit 292 Pinpad
  • Verifone P250 Printer
  • Verifone P900 Printer

There are also a few other increases on a few rarely used pinpads, and printers.

This definitely appears to be one of those situations, antitrust regulation were made to protect against. Unfortunately nobody paid any attention to an obvious monopoly in the making when Verifone purchased Lipman last year.

May 29th, 2007 by Jamie Estep

Interchange activism is missing the point

Filed in: Merchant Accounts | 1 comment

In the green sheet this morning, there was a good article about how credit card interchange is still under fire. Especially since some of the more signifigant updates with the interchange schedules this April (Visa adding a new category of cards), interchange is again under the microscope.

At least a dozen bills pending in state legislatures address topics related to interchange, according to the NCSL. Here’s a rundown of several key initiatives:

  • Two bills introduced in the Florida state legislature would require refunds to merchants paying interchange on sales taxes.
  • Legislation pending in Kansas would require that merchants have better access to information related to interchange rates. It also defines interchange fees for purposes of state law.
  • A bill pending in Nevada would prohibit interchange on certain transactions.
  • In Oklahoma, legislation has been introduced that would prohibit certain contract provisions regarding merchant transaction fees.
  • Lawmakers in Tennessee are considering legislation that would cap at 0.75% all processing fees associated with credit or debit card transactions. The proposal would apply to contracts entered into with merchants by banks or their agents after July 1, 2007.
  • Texas lawmakers have a bill before them that would require more transparency in disclosing interchange and related processing fees. A tougher bill, introduced and quickly withdrawn in March after a large consumer letter-writing campaign, would have allowed retailers to surcharge credit and debit card payments to cover processing costs.
  • In Washington state, lawmakers want to restrict interchange to 1.5% of the total cost of a retail card transaction.

Now, I can completely agree that interchange needs to be more transparent. As far as showing how much interchange is paid, itemized for every transaction that a business processes, it may be a little excessive. Imagine a business that processes a million or even ten thousand transactions per month, have fun with that statement.

From what I read on a weekly basis, lawmakers and interchange activists often completely miss the concept of interchange, and therefor are not developing strong arguments in trying to get interchange reduced or even more transparent.

Here’s what I think needs to happen before any major interchange changes are made:

  1. The first step in making any progress towards a more transparent and potentially lower interchange, is going to be a more widespread understanding of what interchange is and where the fees go. There is so much inaccurate information and opinions as to what interchange is, and what it is being called, that it is hard for anyone outside the industry to know what is fact.
  2. There needs to be a much better understanding of who interchange fees actually are paid to (Most of interchange does not go to Visa or MasterCard).
  3. There needs to be an understanding of what processing fees are, in relation to interchange. (Tennessee capping processing fees to .75% is going to do nothing but stop Tennessee businesses from being able to accept credit cards.)
  4. There needs to be some understanding that the billions of dollars in equipment that makes up the processing networks costs billions of dollars to maintain. Also, Visa, MasterCard, all of the processing banks, ISO’s, MSP’s, and other organizations that are needed to actually provide the processing services, employ tens of thousands of people and can’t run for free. (Yes there are many overpriced organizations out there, and ones that are just trying to rip business owners off, but there are good ones too.)
  5. Someone in congress is going to have to start caring before anything changes. Currently, there aren’t any congressman that have shown any remote interest in regulating interchange on a national level.
  6. Card holders are going to have to stop getting cards with huge rewards programs. Interchange categories are based on rewards programs associated with specific cards. This is also the reason that interchange is so complicated and keeps getting more expensive. The more rewards your card has, the more that a business has to pay to process it.
  7. Most Importantly: Consumers are going to have to take interest in what businesses have to pay to process their credit card. The sad fact of doing business in the US is that nobody really cares about how much a business has to pay for anything. If consumers started complaining about interchange, you can be damn sure that things would change quickly, but as long as consumers are happy with their super rewards cards, and they still want faster, more convenient ways to pay, interchange will go nowhere but up.

May 24th, 2007 by Jamie Estep

How many data security breaches will it take?

Filed in: Fraud, Merchant Accounts | 8 comments

I was checking out this chronology of data security breaches this last weekend, and I realized that the amount of breaches that have occurred is absolutely amazing. Over 150 Million records have been compromised in the past two and a half years, and this number doesn’t take into account the fact that the number of compromised records for about 1/3 of the total number of breaches is unknown.

From looking at this we can observe a few solid facts about data security breaches in general. First, the three most common reasons for data to be compromised are lost and stolen laptops and storage devices, disgruntled employees, and hacking.

The Top five data security breaches are:
TJ Max (45.7M) – Massive long-term hack
CardSystems (40M) – Hacking of unencrypted data
U.S. Dept. of Veteran’s Affairs (28.6M) – Stolen laptop (No data has been used to date)
iBill (17.7M) – Inside
Georgia Dept. of Community Health (2.9M) – lost disk

These are breaches relating to banks and financial institutions:
CardSystems (40M) – Hacking of unencrypted data
iBill (17.7M) – Inside
CitiFinancial (3.9M) – Lost backup tapes
Bank of America (1.2M) – Lost backup tape
Wachovia, Bank of America (676,000) – Inside
Providence Home Services (365,000) – Stolen backup tapes
Mortgage Lenders Network USA (321,000) – Inside
Ameriprise Financial Inc. (260,000) – Stolen laptop
Ameritrade (200,000) – Lost backup tape
Fidelity Investments (196,000) – Stolen laptop
Iowa Student Loan (165,000) – Lost laptop while being shipped
Firstrust Bank (100,000) – Stolen laptop
People’s Bank (90,000) – Lost computer tape
MoneyGram International (79,000) – Hacking
Mercantile Potomac Bank (48,000) – Stolen laptop
J.P. Morgan (47,000) – Tape drive missing
PayMaxx (25,000) – Accidentally exposed online
Bank of America (18,000) – Stolen laptop
Premier Bank (18,000) – Stolen data
KeyCorp (9,300) – Stolen computer
North Fork Bank, NY (9,000) – Stolen laptop
Univ. of Michigan Credit Union (5,000) – Stolen documents
Chase Bank and the former Bank One (4,100) – Documents left in desk that was sold
TransUnion (3,623) – Stolen computer
AllState Insurance (2,700) – Stolen computer
Equifax (2,500) – Stolen laptop
Sovereign Bank (Thousands) – Stolen laptops
West Shore Bank (1,000) – Security break
Westborough Bank (750) – Inside
Ceridian Corp (150) – accidentally posted personal data on website
City National Bank (Unknown) – Lost backup tapes
J.P. Morgan Chase & Co. (Unknown) – Stolen laptop
J.P. Morgan (Unknown) – Information found in trash
Bank of America (Undisclosed) – Stolen Laptop
Bank of America (Unknown) – Internet by former contractor
Bank of America (Limited Number) – Stolen laptop
La Salle Bank, ABN AMRO Mortgage Group (2M) – DHL lost but later found backup tape
Wells Fargo (Unknown) – Stolen computer
M&T Bank (Unknown) – Stolen laptop
Matrix Bancorp Inc.(Unknown) – Stolen laptops
U.S. Bank (Small Amount) – Stolen briefcase
VISA/FirstBank (Unknown) – Visa card processor’s compromised data
Home Finance Mortgage, Inc. (Unknown) – Accidentally discarded files
Columbia Bank (Unknown) – Hacking

How we can stop all of this:
The current focus on data security seems to resolve around PCI / CISP compliance and keeping data protected and properly stored. In truth, not storing sensitive data on portable devices would do far more good. The biggest reason of data compromise is stolen or lost laptops containing sensitive information on them. Many of the stolen incidents were from a personal vehicle or their home. Five data loss incidents by a single company (Bank of America) is completely unacceptable. Companies, especially ones where trust is a huge factor (Banks) need to take a much more serious approach to securing information. Only three of these data losses at financial institutions were due to hacking. There really is no excuse for the rest of them.

The next thing that I find particularly upsetting is that a huge overall percentage of the laptops and portable storage related losses were from government agencies, and the majority of all losses happened at universities or other educational institutions. Our government and educational institutions are obviously not being cautious enough with personal information. I wont list all of these because it would take about 10 pages to get them all in.

The bottom line is that everyone needs to take some common sense precautions to data security. The newest two million bit encryption, and all the security in the world isn’t going to help when an employee looses a laptop with sensitive information on it.

May 18th, 2007 by Jamie Estep

Texas businesses liable for data security breaches, Jan 09

Filed in: Fraud, Industry News | 3 comments

I’m a few days behind on this one. I completely forgot to write about it last week, but the PCI and Data Security Compliance Blog reminded me when I saw it in my feed reader.

Last week, Texas legislation passed a bill that makes businesses liable for any monetary expenses resulting from data security breaches of their company. The data that is specifically covered under this is credit card or other magnetic or chip stored information, and personally sensitive information. The bill also states that businesses must safeguard sensitive information and that they must take action if a data security breach is discovered.

Businesses will be responsible for any costs that a financial institution incurs when they have to replace customer’s cards that may have been compromised as well as repay the financial institution’s legal fees. More importantly, the business is completely liable for any refunded transactions that the bank has to make to the customer (This is the first time that I have ever seen a bill, law, or regulation that takes chargeback liability from the business that actually accepted the card.) Also one of the only logical regulations I have seen regarding the payment processing industry.

The bill does not specify how the data must be stored, so any business that keeps copies of sensitive data, either in an electronic database, or on paper, is subject to this bill. Also, businesses that are PCI compliant are protected.

This is an extremely important bill and I imagine that many states are likely to follow suit. In my opinion the most significant part of this bill is placing liability on the business where the breach occurred. Realistically, this could be a very positive change for online businesses and others that are subject to stolen card fraud. I’m not sure if there is a measurable percentage of fraud that occurs from breaches, but if there is it could definitely help take the load off businesses being hit with this type of fraud.

Texas BILL HB03222E (text document)
Actual Texas BILL HB03222E

Other blogs about this law:
Texas first state to make PCI law –
PCI Codified into Texas law (nearly) –
The Law of PCI –
PCI Takes A Twist –

May 17th, 2007 by Jamie Estep

The back-end process to setup a merchant account.

Filed in: Merchant Accounts | 1 comment

Once a merchant account application is submitted by a business, there are several steps that it must go further through before a business can get setup accepting credit cards.

I very often see merchant account providers making same day setup guarantees to potential customers. While I’m in no way saying that it isn’t possible to set a business up the same day, this is most often nothing more than a marketing scheme. Depending on the back-end processor, some take a minimum of 24 hours for the actual merchant account to go live. In cases like this, there is nothing that any business can do to speed up the process.

The Steps:

  1. Application is submitted by the business owner to the sales agent or the ISO’s applications department.
  2. The application is reviewed to ensure that no required information is missing.
  3. The application is manually entered into the processor’s underwriting system.
  4. Depending in several risk factors, an instant approval may be received at this point.
  5. If there was not an instant approval, the application is placed into the underwriting department’s quee.
  6. The application is reviewed by an underwriter. The underwriter can approve the application, decline it, or request additional information. The ISO’s applications department is notified of the status change of the application.
  7. If additional information is required, the ISO will get the required information (could be utility bill, marketing material, etc.) and resubmit it back to the underwriting department.
  8. Once the application is approved, the ISO will setup the software, payment gateway, or credit card terminal for the business to process with. (After the application is approved, it normally takes about 24 hours before the merchant account is live. Only a few processors have the technical ability for a business to start processing immediately.)
  9. Once the account goes live, and the merchant’s processing system is setup, they can now process credit cards.

Back End Setup

In the end, a considerable amount of human work needs to be done for a merchant account to get setup properly. Any problem or error at any step of the process can greatly delay the merchant account getting setup. Unfortunately, there is little ability for automation to occur through the application process. Even though, technically it makes sense to create an automated system, one of the main purposes of this process is to prevent fraud. Computer algorithms score application for fraud, but it must be a human to make the final decision.

May 15th, 2007 by Jamie Estep

Making your Ethernet credit card terminal wireless (WiFi)!

Filed in: Credit Card Equipment, Guides, Merchant Accounts | 2 comments

I just got my hands on a Verifone Omni 3750 WiFi module. The module replaces the dial, or Ethernet module on an Omni 3750, and it has a small Compact-Flash wireless card in it that allows it to connect to a wireless network. The module is a little hard to get a hold of. We had to check out suppliers and special order one, which took about a week extra to get. The other drawback with the WiFi module is that it is a bit expensive (about $200), and while many businesses could benefit from using one, it may not be worth the extra $200.

So I devised another way to connect an IP capable Omni 3740 or 3750 or other Ethernet compatible terminal to a wireless network.

Here’s what you need:

  1. An Ethernet compatible terminal that is currently able to process transactions over an IP connection.
  2. An encrypted wireless network. (WPA not WEP!)
  3. A wireless (WiFi) gaming adapter or wireless access point. (Must support WPA encryption!)
  4. One small length of CAT 5 / 5E / 6 Ethernet cable.
  5. A PC or laptop (Used only to configure the wireless adapter)


The idea behind this is that once your terminal has the ability to process over an IP connection, it really doesn’t matter how the terminal is actually connected to the internet. A WiFi connection through an adapter is no different to a credit card terminal than connecting directly to a switch or router.

Who this guide applies to:

This guide will be most useful for businesses that have an existing wireless network, and have an IP capable terminal, and they can benefit in some way from connecting their terminal to the wireless network instead of the wired network.

Typical Network Setup Diagram

It it important to be able to already process over an IP connection before you start setting this up. This will eliminate the terminal setup being the problem if something doesn’t work correctly.

Step 1 – Setup the wireless network:

Here’s a great guide from Microsoft on how to setup a wireless network. Make sure you enable WPA encryption when you setup your connection. The recent TJ Max security breach was thought to originate from an unsecured wireless network. Additionally, WEP encryption is not a sufficient form of protecting a wireless network so WPA or WPA2 encryption should be used instead of WEP. If you are interested, here’s a detailed summary of why WEP encryption is not sufficient.Personally I recommend D-Link brand components for home and small business networking. From my experiences, their reliability, price and ease of use is far better than other manufacturers (Linksys, Netgear, 3com, Cisco, etc.) for non-enterprise level wireless networking.

Step 2 – Setup the wireless adapter:

The D-Link DWL-G820 is the wireless adapter that I recommend for this guide. It’s small, cheap (~$60), and it supports WPA encryption. You will need connect the adapter to a PC or laptop and follow the installation instructions to properly setup the adapter. This should take about five minutes to complete and essentially consists of the following.

Basic steps to setup wireless adapter:

  1. Plug Ethernet cable from wireless adapter to computer.
  2. Connect AC adapter from electrical outlet to wireless adapter.
  3. Point web browser to
  4. Configure wireless adapter to connect to wireless network.
  5. Enable WPA encryption, enter the network pass-phrase, and restart the wireless adapter.
  6. Once the adapter restarts, verify the internet connection with the computer that is still attached.
  7. Done…

Once you verify that the computer is able to connect to the internet with the wireless adapter, and that the adapter is connecting using WPA encryption, the adapter is configured.

Step 3 – Connect terminal to wireless adapter.

Connect the terminal with CAT 5 / 5E / 6 Ethernet cable from the Ethernet port on the terminal to the Ethernet port on the wireless adapter. Depending on how close the terminal is to the adapter, you may only need a few inches of Ethernet cable to connect the two together.

Step 4 – Run a test transaction.

In theory, everything should work properly now. You should however run a test transaction to verify this. Run a $1 transaction (Don’t use the merchant account owner’s credit card). As long as the transaction processes the way it should have, everything is setup and ready to go. You can now move the terminal and wireless adapter anywhere that is within range of the wireless network.

You now have a secure WiFi processing terminal

Otherwise, If the transaction did not process correctly you need to find where the problem is happening at, and correct it. Re-check the internet connection, and that the adapter is still properly connecting to the wireless network. If necessary, run a test transaction with the terminal plugged into the Ethernet connection to rule out any terminal problems.

Related Posts:

Verifone Omni Ethernet and IP Network Setup
Convert an Omni 3740 or 3750 for Ethernet Processing

May 11th, 2007 by Jamie Estep

What credit card terminal should you use?

Filed in: Credit Card Equipment, Merchant Accounts | 3 comments

There are about thirty credit card terminals that are currently being used for credit card processing in the United States. Of these, about five make up 90% of the terminals currently being distributed in the country.

Business owners are often told that they need some specific terminal, when in reality they are being sold something much more advanced and more expensive than they will ever need.

A few misconceptions

  • Terminals must be purchased from the company you are going to process with.
  • You should always buy the most recent, advanced terminal you can afford.
  • Terminals are expensive.

Terminals must be purchased from the company you are going to process with.

This is only true when you process with a company that has their own proprietary equipment, or one that must make a huge profit from equipment sales. The majority of processors support a wide variety of terminals from different manufacturers. I personally recommend staying away from companies that use only proprietary terminals, or ones that force you to buy excessively marked-up equipment from them. Also, free terminal programs use proprietary equipment, but this is so they can protect their investment in the equipment, and the proprietary equipment rule doesn’t apply the same to this situation.

You should always buy the most recent, advanced terminal you can afford.

This is far from the truth. While some new terminals offer additional features like WiFi, or Internet (IP Based) processing, older terminal models are generally more reliable and much cheaper than the newer terminals. The more features a terminal has, the more complicated it is to use. I can’t count how many businesses I know that still use an old Tranz 330 and P 250 combination and have no intention of switching until the last possible second. Newer is not always better.

Terminals are expensive.

There are a number of terminals that are under $200, and even advanced terminals are normally under $500 if you buy them from the right place. If you were offered some terminal for a thousand dollars, it was most likely from a company that is trying to make a huge profit from their equipment sales. You will usually see this price right before you are offered a lease. There isn’t a single terminal that is available directly to businesses that costs over a thousand dollars. Not even a wireless terminal. Do a search on Google for the terminal you are being offered and you will quickly find what it is actually worth.

So, which terminal?

Since the ability to process over an IP connection became a very desired option, I classify terminals into three categories, Land-line, Ethernet compatible, and Wireless.

For most businesses I recommend a Nurit 2085, or Hypercom T7 Plus, or Omni 3730LE / VX510LE (if your processor supports it, 3730 is better supported and costs ~$250). These terminals are all easy to use, very reliable, and cheap (<$200). The Nurit can handle multiple merchant accounts, and all have thermal printers. You wont have the ability to process over an IP connection with these, but all support additional peripherals like pinpads, smart card readers, or check scanners. Most small retail businesses will be perfectly content using one of these lower cost terminals.

If you don’t want to use up a phone line, are planning on switching your business services to the internet, or you already have a broadband internet connection and a router / switch, then an Ethernet compatible terminal is probably going to be your best bet. Currently the VX570 Ethernet has by far the best support for IP processing, but the Nurit 8400, and the Hypercom T4220 are also becoming more supported. These terminals will cost from $300 – $500 with Ethernet compatibility (about $100 less for land-line only). You should be absolutely sure that your provider supports the terminal you are interested in for IP processing before you go to purchase one. Many processors do not yet support the Nurit’s or Hypercom’s for IP processing, but almost all support the VX.

These terminals all have a built in pinpad for PIN debit processing. (The entire terminal needs to be encrypted with your processor before you can use PIN debit with it.) All terminals have a thermal printer and the VX570 and Hypercom T4220 come standard with a smart card reader.

These terminals are about as technologically advanced as any retail business will need at the present time.

Wireless terminals have advanced a long way in the past five years, and their price has dropped dramatically. Wireless terminals can be easily found between $500 and $700. My personal favorite is the Nurit 8020 GPRS, but the Way Systems terminals are coming in at a close second. There aren’t many options for wireless terminal. The Nurit 8000 is really the only well supported full-featured terminal, and the rest of the market is between the smaller wireless specific equipment manufacturers (Way Systems, Comstar, eProcessing Network, etc.). A new company called Dejavoo has introduced a very promising terminal, the Dejavoo M8, which looks to be a solid contender in the wireless markets.
Be careful when you do go to purchase a wireless terminal, especially if you decide to buy one from a company that you don’t have history with. Take a look at: How to safely Purchase a Wireless Credit Card Terminal to ensure that you aren’t buying something that you don’t want.

Other than these, I can’t recommend any other terminal except for some specific business related circumstances. One of these terminals should fit the needs of almost every business that will need a credit card terminal. You should definitely be planning for the future when you purchase a terminal, but just because a salesman said you need some advanced terminal, doesn’t always mean it’s true.

Some related reading:
Verifone Omni Ethernet and IP Network Setup

May 10th, 2007 by Jamie Estep

PIN and Signature Debit

Filed in: Merchant Accounts | 3 comments

I’ve done a few posts relating to debit card acceptance in the past. This post is designed to explain a little more about PIN and signature debit, why, and what business should be setup with debit acceptance.

PIN and Signature debit?

PIN Debit (Online debit) is the acceptance of a debit card where the card is swiped and a customer’s PIN number is transmitted to process the transaction. PIN debit can only be done through a credit card terminal or POS software system with an attached pinpad.

Signature debit (Offline Debit) is when a debit card is run as a credit card. This can be done over the internet, through a credit card terminal, or pretty much any way a credit card can be processed. Businesses inherently have the ability to accept debit cards using the signature method as long as they have a Visa or MasterCard logo on them. But, not all businesses are offered the reduced rate that is available for these types of cards.

Both signature and PIN debit are great ways that a business can save money on their credit card processing fees. PIN and Signature debit both have different interchange categories than credit cards and both will normally be cheaper than a credit card transaction if your merchant account provider offers reduced debit rates.


PIN Debit is normally a flat fee per transaction. No processing percentage no matter ho large the transaction is, just a flat fee for each transaction. Now the actual fee that you pay to process a PIN debit transaction is actually based on two fees. The fee from the processing bank (which includes the interchange fee) and the fee from the debit network provider (PULSE, STAR, etc.). These two fees are bundled into a single flat fee which is normally $.35 – $.50 per debit transaction. Technically there is a percentage and transaction fee for PIN debit, but the cap varies from $.30 – $.50 so for simplicities sake, this is almost always a flat bundled fee.

One of the drawbacks with PIN debit is that the majority of banks place daily debit limits for their customers, so if you have a high average ticket size (>$300), PIN debit may not be a good solution for you. Also, a business must have a pinpad encrypted specifically with the bank they process through for PIN debit to be possible. Pinpads can range from about a hundred dollars to over a thousand depending on the complexity of the pinpad.

PIN debit transactions are almost impossible to dispute because only the card holder knows the PIN for the card that is being processed. Normal chargeback rules do not apply for PIN transactions, and a customer must have an extremely good reason for a dispute to go through.

Signature Debit works on a fee structure similar to credit cards. A percentage of the transaction plus a transaction fee is paid on each signature debit transaction. While the percentage is normally lower than a credit transaction, the transaction fee is normally slightly higher than credit transactions due to a $.05 higher interchange fee. Signature debit offers reduced fees for all interchange and qualification categories so any type of business can benefit from a reduced signature debit rate.

A reduced debit rate is not always offered by default, so you may need to specifically ask to get a reduced rate. Also, advertising a debit rate instead of a credit rate, is one of the most common methods that processors use to lure customers that are shopping only on price. If you are offered some extremely low rate that ends up being a debit rate, make sure that your credit rate is not ridiculously high.

What is best for a business?

Any business will save on every PIN debit transaction where the sale amount is above ≈$20, when compared to a credit card. Businesses with very small ticket sizes (<$15) will probably pay a little more to the same for PIN debit transactions. Every business will save with Signature debit transactions, but a business’s merchant account must be specifically setup with a reduced signature debit rate.

A few things to look out for:

  • Check for separate PIN transaction and debit network fees. The total cost for a PIN transaction should be ≈$.50, not $.50 for each.
  • Make sure you aren’t being charged a percentage for PIN debit fees. I have seen a few times where a business was being charged the same fee for PIN debit as for credit cards.
  • Check to see how much an encrypted pinpad will cost and make sure that the cost is justifiable for your business. You can purchase a pinpad from another company, but it will need to be encrypted with your processor before you can use it. A low-end pinpad will normally cost from $75 – $150 with an additional $20 – $50 encryption fee.
  • Check for additional monthly debit access fee. These are normally $5.00 per month, but I have seen them as high as $20.00. In most cases they can be waived or reduced to $5 at the most.

May 7th, 2007 by Jamie Estep

Visa may publish a list of registered ISO’s

Filed in: Industry News |

The Green Sheet reported this morning that that Visa may be planning to list the ISO’s that are legally registered with them. They also may be starting to crack down on ISO’s that are not operating strictly according to Visa regulations.

I think that this could be a great step in cleaning out many of the bad areas of the processing industry. There are thousands of website selling merchant account services, and from my experience looking at them, I would venture to say that more than half are not complying to Visa’s ISO regulations.

This could also provide another good tool for businesses looking to accept credit cards, if it is made readily available to the public. A person could make sure the company they are planning on processing with is actually a legally registered with Visa. This wouldn’t provide any background to whether the company was providing a quality service, but it would eliminate any doubt as to their legal affiliation.

However, Visa publishing registered ISO’s could have a negative affect on independent sales agents, as many of these sites are not compliant with current regulations, but are barely non-compliant. One current regulation states that sales agents must use the exact name of the ISO that they provide services through as their own DBA. Most of these non-compliant sites could be easily fixed to properly comply to Visa regulations, but Visa is extremely picky when inspecting websites for compliance. Something that seems so simple is actually a very complicated, bureaucratic mess, when you get down to it.

The other thought that worries me is that the only affect this may bring about, is to tighten the regulations on ISO’s that are compliant while ignoring companies that aren’t registered. (Like an anti-gun control argument, “ban guns, and the criminals are the only ones left with them”.) Currently, if you are a registered ISO you are under the microscope at least once per year, but if you aren’t legally registered, Visa and MasterCard really don’t care. There’s just too many websites operating illegally for anyone in Visa to take interest. In fact, I’ve been told first hand that it’s not policy to police non-registered websites on the internet, but only the ones that are registered. They would have to drastically change this policy before anything productive ever came from listing registered ISOs.

In response to this, I created a website listing registered ISOs that I have been able to identify.

May 1st, 2007 by Jamie Estep

Can online gambling come back?

Filed in: Industry News | 2 comments

An article on MSN: Democrat proposes lifting federal ban on Net gambling talks about how a Democratic politician has proposed to lift the ban on online gambling.

While I’m not a huge fan of online gambling, I do believe that it should be legal and that the government should never have stepped in, in the first place. It would be far more beneficial to the government to regulate or tax online gambling than to completely ban it. I have read several stories in the past few months of gambling operators being arrested and business being raided because they were still involved in online gambling. I think that there are so many places that tax money would be better spend than this.

Onto the business side of the issue, the government was very effective with banning it because they effectively regulated banks from allowing US consumers to make transfers to or from an online gambling business. I know that a lot of online gambling websites went under, not to mention a huge loss in revenue from businesses that advertised, supported, or provided services online gambling companies. Hundreds if not thousands of people have lost their jobs because of this.

Looking at the issue from every side, I can really find a single group that was involved with the online gambling business (users, websites, or service providers) that at any point actually wanted the government to shut it down. Seems like the only group that possibly benefited from it were the casinos in the US that lost business from the online companies. In addition to this, the government attached the bill that banned it, to a port security bill that had absolutely no chance of being overturned. The fact that there was never a direct vote on actually shutting down this multi-billion dollar industry shows exactly how much trust the group who added it to the bill had in it being passed.

The actual chance of the bill being overturned is fairly low, but it is nice to see that someone higher up actually has taken notice to the absurdity of the situation.