Information on Merchant Accounts,
Ecommerce and Credit Card Processing

August 7th, 2006 by Jamie Estep

An ecommerce magazine

Filed in: Ecommerce |

While browsing in a forum that I often watch, I found a great ecommerce information resource. The site: Practical Ecommerce offers a magazine in both Print and Digital versions and is specifically targeted at people interested in ecommerce.

Each article covers topics relating to ecommerce. August’s magazine topics include Pay-Per-Call online advertising, securing a business’s wireless network, and an interview with Jupiter Research’s Patti Freeman Evans, just to name a few.

Each month there are a number of free, as well as premium paid articles.

The site itself features several blogs, a discussion forum, a website services directory. From what I can tell, it is shaping up to be a great source of information for both new and existing website owners, online marketers, and anyone interested in learning more in the department of ecommerce.

Check them out…

August 4th, 2006 by Jamie Estep

Requirements for Securing Cardholder Information

Filed in: Ecommerce, Guides, Merchant Accounts | 2 comments

A joint news release was issued just a few days ago from Visa, Mastercard, American Express, Diners Club, JCB and Discover outlining what businesses need to do to secure cardholder data. This brief article is applicable for all businesses and is a very easy to follow, guide to protecting cardholder information.

What makes this short guide very good, is that any one can understand it.

TO: All Merchants
FROM: American Express®, Diners Club®, Discover® Card, JCB®, MasterCard International®, Visa® U.S.A.
RE: Merchant Requirements for Securing Cardholder Information

The rising incidence of stolen cardholder account data is a major concern for all participants in the payment industry. As a result of these thefts, merchants and financial institutions suffer fraud losses and unanticipated operational expenses, and consumers are inconvenienced significantly. To protect your business, your customers (cardholders), and the integrity of the payment system, each of the card companies has in place a set of requirements governing the safekeeping of account information. This document gives a brief overview of the most critical aspects of those requirements.

Storage of Cardholder Information • Do not store the following under any circumstance:
– Full contents of any track from the magnetic stripe on the back of the card.
– Card-validation code
– the three-digit value printed on the signature panel of a MasterCard®, Visa®, Discover®Card, JCB®, or Diners Club® card, and four
– digit code printed on the front of an American Express® card.
• Store only that portion of the customer’s account information that is essential to your business
– i.e. name, account number or expiration date.
• Store all material containing this information (e.g., authorization logs, transaction reports, transaction receipts, car rental agreements, and carbons) in a secure area limited to authorized personnel.
Destruction of Cardholder Information • Destroy or purge all media containing obsolete transaction data with cardholder information.
Use of Agents or Third Parties (Vendors, Processors, Software Providers, Payment Gateways, or Other Service Providers)
• Advise each merchant bank or processing contact (representing each of your card brands) of any agents that engage in, or propose to engage in, the processing or storage of transaction data on your behalf-regardless of the manner or duration of such activities.
• Make sure these agents adhere to all rules and regulations governing cardholder information security. Any violation by your agent may result in unnecessary financial exposure and inconvenience to your business.
Reporting a Security Incident • In the event that transaction data is accessed or retrieved by any unauthorized entity, notify the merchant bank or processing contact for each card brand immediately.
• This report will not only minimize risk to the payment system, but protect your customers in the most responsible manner. Systems and procedures are in place to immediately stop the unauthorized use of compromised data, but are effective only when you do your part to promptly report a security incident.

We continue to work on your behalf to reduce payment card fraud, and offer this communication to enhance your awareness, minimize risk, and protect your customers. If you have any questions or would like to have more information, please visit our web sites or contact your representatives for any of the card brands sponsoring this correspondence.

The actual PDF is available on the download page.

August 3rd, 2006 by Jamie Estep

Accepting credit cards in other countries

Filed in: International, Merchant Accounts | 1 comment

So the problem is that you are looking to accept credit cards from your customers but your business in not located in the United States. This is a very common issue for small business owners around the world, and unfortunately there is rarely an easy answer that meets the small business’s needs.

I’m briefly going to give a little comparison on how the merchant services industry works in the US compared to other countries. This explains why processing rates are so much lower in the US than other countries.

Comparing processing

In America, businesses have several different option for who to accept credit cards with. There are independent merchant service providers (ISO’s and MSP’s), there are standard business banks, and there are sales agents that resell for ISO’s and banks. While each of these groups are associated with each other, and sometimes resell for the same companies, they also compete against each other.

In just about every other country in the world, banks have exclusive control over the credit card processing in that country. For many, it is often a single bank that controls the credit card processing for that entire country. A number of years ago, processing in America operated on a similar system. Banks eventually opened the door to allow independent service providers to exist. This in turn led to more and more competition, and eventually the credit card processing industry in America transformed to price driven instead of the former value driven industry. Coincidentally, Visa and Mastercard make a higher percentage for each transaction from businesses in America than any other country, but businesses in the US pay less to process than businesses in any other country. What outwardly appears to be an industry crammed with middle-men, actually has facilitated lowering the cost to process credit cards by over 50%.

Non-American countries are subject to very high fees for processing credit cards because the banks have a monopoly on the credit card processing. There are no independent companies providing merchant services which results in very little competition, so the banks set their prices at whatever they want. They know that their customers will pay anything they ask to accept credit cards, because the service is so valuable to businesses.

Until banks in other countries allow independent companies to resell merchant services, there is likely to be a continuing high cost to process credit cards. Unfortunately, there hasn’t been any major pushes in other countries to adapt the Bank / ISO relationship that exists in the US. Mexico, Canada, and Australia, are probably the most likely countries to move to a similar system, but no push has been made yet. As far as banks are concerned, there isn’t any reason for them to move to a different system. The banks are making millions of dollars a year in pure profit, they have 100% control over a very strong industry, they have no competition, and they have no reason to give it all up.

What are a business’s options?
Non-American businesses have a few options for processing credit cards. The can go to their local or regional bank to accept credit cards, they can use a 3rd party processor, and they can use an offshore merchant account provider.

Processing with a local bank and an offshore merchant service provider will likely be very similar. The offshore provider will be less restrictive in business type and volume, but both will have a processing fee starting around 5%. This fee will go up based on the size, volume, history, and the type of products that a business sells. If the business type itself could be considered high risk, then the business will definitely want to go with an offshore provider. The biggest drawback with both banks and offshore providers is that there is almost always a substantial setup fee. Depending on the situation, this fee can be in the thousands of dollars. Another major drawback that businesses experience with banks is that the bank will normally require them to use that bank for their business’s bank account. The bank has their own requirements for opening a business bank account, and this often comes with high minimum balances, and additional fees just for using their required services.

3rd party processors are companies like Paypal,, and worldpay. These companies process credit card for another business in the name of the 3rd party processor. For normal businesses, this practice called factoring, is strictly prohibited by Visa and Mastercard. 3rd party processing companies also draw a lot of negative attention because they undermine a customer’s ability to make a chargeback. There are countless horror stories from consumers unable to get a refund, or even make a chargeback for what turned out to be a scam or a fraudulent company. 3rd party processors are also notorious for holding, and never returning, a business’s money if there is any sign of trouble. However, 3rd party processors are often the only cost effective solution for start-up businesses. Their fees can vary from about 3% up to about 10%, but they normally lack the high start-up cost of offshore providers or banks.

3rd party processors are restricted in the fact that they can normally only be used for online purchases. They lack the ability to integrate with a credit card machine, and do not normally include a virtual terminal. There are also restrictions on what countries can use their services. A lot of African, Eastern European, and South Asian countries are prohibited. In this case, an offshore merchant provider may be the only available service.

For retail businesses, a bank or offshore merchant account provider is probably going to be the only method they can use to accept credit cards.

For a new business, I would recommend trying to find a 3rd party processor online. Check out various discussion forums, and ask around. For existing businesses or businesses that know they need an offshore merchant account, start searching online or call up your local bank. With some research, you should be able to find the best solution for your business. As with any merchant services company, if an offer sounds too good to be true, it probably is.

One last thing…
There are companies out there that will claim to be able to setup an American bank account and forwarding address for your business so that you can get a domestic merchant account. All processing banks in the US require you to have a ‘physical‘ business presence in the US. That combined with the patriot act’s stringent requirements for opening a US bank account make it pretty much impossible to go down this rout. It is probably possible to pull it off, but it is most likely illegal, and definitely expensive. If you get caught processing illegally this way, expect major repercussions from your processor, and possibly the government. Just a warning…

August 1st, 2006 by Jamie Estep

Some businesses should always accept American Express.

Filed in: Amex / Discover, Merchant Accounts | 8 comments

American express is the 3rd most widely used credit card in the US. Depending on who your customers are, not accepting American Express may be a very poor business decision.

A typical retail business’s credit card acceptance percentages will look something like:
Visa – 60%
MasterCard – 25%
American Express – 10%
Discover – 5%

10% for Amex is not a huge number, especially considering that the majority of Amex users also have a Visa or MasterCard. Amex is more expensive than Visa and MasterCard, and businesses often choose not to accept it.

When we look at businesses that sell in areas where there are a lot of business professionals, or they cater to other businesses (B2B), we see Amex percentage go up drastically. Amex has a very strong business card program that many businesses use. Something as simple as having a location near a major business center, can have a huge increase on the amount of people that want to pay with American Express.

For a moderately B2B company, the credit card usage looks more like:
Visa: 45%
MasterCard: 25%
American Express: 25%
Discover: 5%

True B2B companies will see a very large increase in Amex sales, and these can be as high as 50% or more.

Even though your customers may have a Visa or MasterCard, you may lose them as a customer if you don’t accept Amex. Businesses that take their clients out want to pay with their business card. The same thing goes for purchasing office supplies, equipment, computers, paper, food, or anything else that could be considered a business related expense. If you don’t take Amex, the people wanting to use their Amex business card will find someone else who does.

Turning down sales because they cost a little bit more, doesn’t save money because those people are no longer spending money with you.

July 31st, 2006 by Jamie Estep

The government charges a fee to use a credit card, but you cant!

Filed in: Merchant Accounts | 1 comment

Some businesses pass on a fee to their customers for them to pay with a credit card. Others offer special incentives for you to pay with cash. Both of these practices are not allowed under Visa and MasterCard regulations.

But, when you pay your utility bill or pay the government in any way, there is almost always a surcharge. Why do government organizations blatantly disregard this regulation.

The fee is 2.49% of the payment amount for this service; a minimum $1.00 fee will be applied. You will be notified of the fee amount before you complete the transaction, and have the option of changing your mind if you decide not to use a credit card.

The simple answer is that government agencies don’t care about regulations from Visa and MasterCard. Visa and MasterCard haven’t lifted these regulations for the government. The government has simple passed their own overriding regulations which state; government agencies can charge a surcharge or have a minimum requirement to accept your credit card as a form of payment. Pretty ridiculous act, that in my mind undermines Visa and MasterCard. It doesn’t quite seem right that the government can override a companies regulations to use its services, at the expense of their customers.

July 28th, 2006 by Jamie Estep

Cutting the middle-man, who is it best to process with?

Filed in: Merchant Accounts, My Favorite Posts | 2 comments

I was recently posed with the question of how a business can bypass all of the middle people in the payment processing industry, and go straight to the credit card companies. This post is briefly in regard covers that question and also covers who the best company to process with is.

Processing Flow Chart

First off, it is not within the spec of my knowledge to accurately discuss negotiating directly with Visa or MasterCard, if it is even possible. Any company that is large enough to go straight to them, would have to be processing in the hundred of millions to billions of dollars per year. If your company is smaller than say Paypal, Visa and MasterCard wouldn’t even pick up the phone.

So, who is the best company to process with?

This depends on two factors, what you are looking for in a processing company, and how big your business is. If you want the absolutely lowest cost possible at the expense of any decent service quality, then going for a middle sized ISO, that offers some absurdly low processing rate is probably the way to go (You can find these companies on EBay). On the other hand if you have ever had problems that your ISO couldn’t fix in a reasonable manner, or you want to quality service that you can stick with, a good MLS, or a good mall to medium sized ISO is the way to go.

If you ever do have problems with your merchant account, and your ultra cheap provider is slow, or generally bad at getting the problem fixed, then I guarantee that you will wish you chose a better provider.

When would you go straight to a large ISO?

Only when your business is very large. In my view, very large is defined as above ten million dollars per month. Based on that you can probably negotiate a very low rate with the ISO, but also get decent support from them. Smaller businesses will normally receive poor, generic support when they process with very large companies.

Getting good support from a provider:

Quality of merchant account support

From my experience, as the size of a company goes up past a certain breaking point, the quality of support goes down. This isn’t always the case, but it makes sense. Large companies generally have poor support because the cost to maintain a good support department is very high, in addition to the technology to integrate all of their departments into a single, reliable system.

The best service:
The best support I have ever seen for merchant services is from small, independent sales reps that are large enough to have their own office, but small enough to know their customers by name. These outside agents usually handle customer service face-to-face, and will show up at their customers place of business when needed. Their customers pay a little more for their services, but if you ask any customer they have, you wont hear even the slightest hint of negative feedback. But, not all businesses need their provider to show up at the slightest sign of trouble. For these businesses, processing with a small to medium ISO that has good telephone support and a personal account representative, will be more than sufficient. They will save some money each month, but not by sacrificing the quality of their support.

The worst service:
The worst service I have ever seen, is when small businesses believe that they will save money by processing with the largest company they can find. They later find that when they have a problem, the get to navigate through endless telephone menu’s only to be left on hold for an hour, and hopefully get the issue resolved because they talked to someone who barely spoke English. And, each time they call they speak to a new person.

The other major mistake people make is by looking for the absolutely lowest offer they can find. These companies offer super low rates, which often come with hidden charges, or a rate increase a few weeks after the merchant account is up and running. The bottom line is, when you shop for the cheapest company out there, you get exactly that. The cheapest company out there.

July 26th, 2006 by Jamie Estep

Walmart vs. Congress, Stop the retail banker

Filed in: Industry News |

If you have been following the Walmart saga, you would know that Walmart is attempting to purchase an industrial loan company (ILC) in Utah for the purchase of processing their own credit card transactions. AN ILC is basically a type of bank, that has restrictions and limitations compared to a standard bank. ILC’s are more common in western states. There also happens to be a loophole in the structure of ILC’s that can allow them to be run by Retail entities. While these ILC’s remain regulated by the FDIC, the company that owns the ILC remains free from government regulations. America has a history of keeping banks and retail industries separate, because banks are key to the stability of American economy, and commercial entities may not keep the best interests of American economy in mind when running the bank.

The significance of Walmart processing their own credit cards, is that is could save them a great deal of money each year in processing fees. Walmart processes somewhere in the neighborhood of 100 Billion dollars a year in credit and debit cards. At a volume like that, even the smallest decrease in the amount that they pay for processing credit cards could save the company a lot of money. Imagine that Walmart can only save themselves .01% if they process their own cards, they would be able to reduce their cost by over a million dollars a year. That million dollars plus, is in turn pure profit.

Walmart is no doubt the largest company in the world, bringing in over $250 Billion in revenue each year. There are only 26 countries in the world with a higher annual GNP than Walmart’s yearly revenue. One of the reasons that there are so many groups, and people opposed to Walmart purchasing an ILC is that there is an uncertainty in what Walmart will do with their new financial division. While Walmart claims that they are only going to use the ILC for processing their own transactions, there is little stopping them from entering the payment processing, and traditional banking industries with their blitzkrieg business history. If Walmart was to enter the payment processing industry with their own bank, they could effectively undercut the prices, and wreak havoc in an already saturated industry.

A bill that stood silent for over 10 years to help close the ILC loophole, is back in congress. If that bill is approved, it would effectively shut Walmart and any other super retailer out from purchasing an ILC. With substantial support on both sides of congress for closing the ILC door, Walmart may have to look at other options. But with Walmart’s history, financial backing, and the determination that they have shown in the past, it is unlikely that the bill will go through without a fight.

July 19th, 2006 by Jamie Estep

Paypal Shopping Cart Makes Spam

Filed in: 3rd Party Processors, Ecommerce, Fraud | 2 comments

Paypal has a built in shopping cart function that allows paypal users to easily add products to their website. The cart works by letting users paste an html form on their website, and when a visitor clicks on the form button, the specific product is added to their cart as they are redirected to paypal. It is a very simple, easy to use shopping cart system.

Paypal Spam

Lack of proper security:
The problem with the paypal shopping cart, is that is has a major flaw. The seller’s email address is publicly displayed in the product form on their website. This makes is easy for spammers to search for paypal product forms, and harvest the email addresses from them. What makes the problem even worse is that the email address are all but guaranteed to be good and used. They are also the same email addresses of active paypal users. This opens these users up to massive spam, and opens them up to phishing attempts of their paypal addresses. Every website that uses the paypal shopping cart, has their paypal email address displayed in the html code of their website.

If you use the paypal cart:
If you use the paypal shopping cart setup a separate email address for your product forms. This way at least you can cut down on some spam to your general email inbox. Otherwise, I would suggest finding a separate shopping cart for your website. It may take a little extra work, but you are the only one that will pay for Paypal’s lack of security.

Fixing the problem:
It wouldn’t take a lot of work for paypal to fix the problem. They would need to integrate a program that stores your email address, and replaces that space in the form with an encrypted code that links a visitor to your account. Are they going to implement something like this? Highly unlikely.

I wish that I could say that Paypal is going to take a proactive approach in resolving this simple problem, but I just cant see them going out of their way for that. Whatever the case, paypal’s system is an example of completely irresponsible programming, and their customer are the ones that are affected by it.

I completely missed this blatant disregard for customer privacy until a commenter on the blog let me know about it. Here is his original press release:

July 18th, 2006 by Jamie Estep

Outsourcing web related projects to freelance designers

Filed in: Ecommerce, Guides | 3 comments

Online marketing and website production are two very common things that I deal with. Often I come across situations where the dificulty of a task at hand exceeds anyone’s ability or time that works for my company. So, where do you go when you need to get work done, and you dont want to do it yourself. You can hire a freelancer to do it.

Why freelancers are great:
Hiring a freelance programmer / designer / marketer to do work for you can be a great method of getting things done. Most programmers, business owners, and project managers don’t have the time or resources to get everything that they need to get done. By using a freelancer to outsource some work to, you can get a highly professional product, and often at a lower cost than doing it yourself. Freelancers are professionals, sometimes with degrees, that can get just about anything done, and always at a good price. You can always have your local web deisnger, or design firm do something for you, but it normally comes at a higher price than a freelancer.

Where to hire freelancers:
There are a variety of freelance marketplaces on the internet where you can posts your specific project, and receive bids from the thousands of freelancers that watch those website’s. Freelance marketplaces work much like ebay. You post your project with specific details, a price range, and a deadline for completion of the project. A freelancer will see your project and bid on it if they have the skills to complete it, and the price is in their range for the specific work that needs to be done. When their work is complete, you pay them the agreed upon fee, and they deliver to you the finished product. After the entire transaction is complete, you rate your experience with the freelancer and they rate you as a buyer.

Just about any project imanigable can be outsourced at a freelance marketplace. Anything from search engine optimization, a basic or complex complete website, ecommerce design, graphic design, traditional marketing and advertising, advanced programming, if you can think of something, it can proably be outsourced.

About the prices:
Since you are receiving bids on your project from multiple providers, the price on your project is very fair. There is feirce competition for projects between freelancers which helps drive down the price. Prices on freelance marketplaces tend to be very reasonable. But, quality work always demands a fair price. You should be wary of providers with low or no feedback, or if their price is substancially lower than everyone else’s.

Keep in mind that while prices are low, nothing comes free. Highly complex projects are very expensive no matter who does them. Also keep in mind that if you are trying to integrate your website, or ecommerce system across to another platform, it will be expensive. Same thing goes for any type of ‘web services’ or advanced XML / SOAP / AJAX / CUSTOM DATABASE / API integration and managerment etc.

Freelance Marketplaces: (recommended) (recommended)

July 17th, 2006 by Jamie Estep

UK Banks Consider Making Customers Liable for Online Fraud

Filed in: Ecommerce, Fraud | 2 comments

Original Article

Here is a very significant story regarding banks making consumers liable for fraud if the cause was their own computer. While I think that businesses would appreciate any removal of liability on their behalf, I think it is presumptuous to assume that the average consumer has the time or resources to ensure that their computer is secure.

“HSBC has already been considering it,” Murtagh said. “There is the potential that the banks will go back to the consumer and say, ‘We’ve offered you good practice guidelines online and 12 months free antivirus. If you don’t [make use of these] we refuse to pay out.'”

If something like this occurs in the UK, I think that it could become the standard. Considering that banks are planning on offering free subscriptions to anti-virus and anti-spyware software, it seems that these consumers have no excuse.