Information on Merchant Accounts,
Ecommerce and Credit Card Processing

September 10th, 2015 by Jamie Estep

Fraud Prevention Tips

Filed in: Chargeback Tips, Fraud, Merchant Accounts |

Previously we talked about a few of the lesser known fraud types that many small businesses encounter.

fraud-lockPart 2 of our series on fraud, covers some tips to help identify and prevent the damages from fraud. Many forms of fraud can be prevented by proactive policies and often with common sense. While some schemes are so well planned that even seasoned professionals have a hard time identifying it, many types of fraud follow recognizable trends and can often be prevented. Here are some tips to help identify, prevent, and mitigate fraud.

General (applies to all business types)

  • Create a payment acceptance guide / poster for all employees and keep it readily available. This should be a short, easy to read, list of how payments should be accepted. Anything that is outside of these guidelines should be considered against company policy without approval from a knowlegeable supervisor. Keep this as short and concise as possible, it should be something an employee can review in 20 seconds or less. Most fraud will require an employee to deviate from the normal method of accepting a transaction, and this is meant to immediately prevent the lowest hanging types of fraud.
  • Talk to your employees about fraud and encourage them to notify you or a supervisor of anything suspicious or simply out of the ordinary with regard to accepting payments. This will keep everyone on the same page, and can help you and your employees develop better practices and a higher understanding of potential threats.
  • Do not ever accept an authorization number from a customer or their bank. Only accept authorization numbers generated when you process a transaction or if you manually call into your credit card processor’s authorization line.
  • Don’t allow issuing cash refunds on any credit or debit transaction that was processed as a credit card, and do not allow issuing a refund to any card other than the one used to make a payment. Basically, unless the customer entered a PIN number on a PINpad, only credit back to the original card used to make a purchase.
  • Be especially vigilant of customers requesting refunds, credits, or abnormal transactions involving prepaid gift cards. Prepaid gift cards work differently from normal credit and debit cards and some issuers have been known to have large security and functional holes in their authorization and funding systems.

Card Present

  • If available at your processor, use a terminal that supports EMV, chipped, cards. EMV eliminates fraud occurring from cards that have been electronically stolen and copied to another card. Businesses with unattended card readers such as gas stations will see the greatest benefit from EMV.
  • Make sure a supervisor is required for any returns or credits to a credit or debit card. A very large portion of fraud is committed by employees and customers in the form of issuing credits. The money issued during a credit can be difficult to impossible to account for without vigilant bookkeeping practices. Credits should always be strictly controlled.
  • When the card is present, always check the back of the credit card for a signature, before asking for ID. If no signature is present ask the card holder to sign the back of the card, then ask for their ID and see if the name and signatures match.
  • Although card brands do not permit requiring an ID as condition of accepting a payment, you can still always ask for one to verify the purchaser is the person standing in front of you and whose name is on the card.
  • Be especially vigilant of cards that appear to be damaged, potentially altered, or cards where the beginning numbers don’t match the type of card being offered (Generally beginning with 4 for Visa, 5 for MasterCard, 3 for American Express, and 6 for Discover). After printing a receipt, you can also verify the printed card numbers on the receipt match the numbers on the actual card. When thieves make copies of stolen cards, they often encode them onto cards with a completely different number or an entirely different type of card than the one the numbers were stolen from.
  • Be critical of situations where a customer’s payment isn’t typical, such as trying to pay with a series of cards that keep declining, refusing to show an ID, refusing to sign their card, etc.

Card Not Present

  • Requesting the CVV code helps ensure that the buyer has physically has the card in hand, or at least had it in their hand at one point. Electronically copied cards will not have the CVV number. While not a guaranteed method, it’s a good step to help protect your business.
  • Always use the Addresses Verification System (AVS). AVS verifies that the billing information matches what the card issuer has on file by matching both the street number and the zip code. However, AVS does not work with most international cards, so this may not be as useful to merchants who have a large percentage of customers paying with non-US issued cards.
  • Any shipments to the customer should be shipped to the billing address when possible, and shipments with a high dollar value should require a human signature with the carrier. While this can sometimes cause convenience problems, it is the best way to protect your business and guarantee that at least a human was there to receive your shipment.
  • Only use shipping services, such as UPS or Fedex, that allow you to cancel or reroute an item after it has been picked up. The only thing worse than taking a loss on fraud, is identifying a transaction as fraudulent and not being able to prevent the package from being delivered after it has been shipped.
  • Orders requesting expedited or overnight delivery should be scrutinized more than orders requesting ground or other economy shipping. It is common for customers to want their items quickly, but thieves also want to get products in their hands as quickly as possible, and will almost always pay for the fastest possible shipping method no matter the cost. Anecdotally, in more than 15 years of operating ecommerce sites, we’ve never seen a confirmed fraudulent order shipped anything less than 2nd day air, the vast majority are shipping the fastest and most costly method possible, which is typically Next Day AM or equivalent.
  • Searching the shipping address of an order in a search engine can often reveal if the order is being shipped to a forwarding address, an empty or for-sale property, or sometimes even just a vacant lot. All of these situations are a major red flag for potential fraud, and should require further review before fulfilling an order.
  • Be especially cautious of orders where the buyer changes the shipping address after ordering. This is a common method used to circumvent AVS and other address based screening methods of identifying fraud.
  • Online or phone orders where the buyer is indiscriminate about the cost of shipping or cost of the products being ordered should be considered highly probable for fraud.
  • Additionally, any customer asking for a catalog and price list when you have everything on a website should be considered suspect as well. Unsolicited requests for prices, product lists, and what payment methods a business accepts, are often nothing more than electronically generated emails from scammers scraping emails off ecommerce sites.

Additionally, take a look at our 30 second fraud checklist for ecommerce merchants.

The information above is to give you a better idea of what you can do to help protect your business from fraud. Training yourself and your staff can go a long way to protecting your business, especially if you continue to keep that training up to date as your business moves forward. New technologies may help businesses limit their risk in some ways while opening the door to other possible threats, so it important that you keep up with, and understand, the relevant practices of fraudsters. Make sure you implement standard operating procedures within your organization so that you have a baseline to judge potential threats against. Fraudsters are not in the business of getting caught, so if they see a business operating in a manner that is not conducive to their success they will often move to another target.


August 18th, 2015 by MSI Newsletters

Fraud Prevention Tips

Filed in: Monthly Newsletters |

Previously we talked about a few of the lesser known fraud types that many small businesses encounter.

Part 2 of our series on fraud, covers some tips to help identify and prevent the damages from fraud. Many forms of fraud can be prevented by proactive policies and often with common sense. While some schemes are so well planned that even seasoned professionals have a hard time identifying it, many types of fraud follow recognizable trends and can often be prevented. Here are some tips to help identify, prevent, and mitigate fraud.

General (applies to all business types)

  • Create a payment acceptance guide / poster for all employees and keep it readily available. This should be a short, easy to read, list of how payments should be accepted. Anything that is outside of these guidelines should be considered against company policy without approval from a knowlegeable supervisor. Keep this as short and concise as possible, it should be something an employee can review in 20 seconds or less. Most fraud will require an employee to deviate from the normal method of accepting a transaction, and this is meant to immediately prevent the lowest hanging types of fraud.
  • Talk to your employees about fraud and encourage them to notify you or a supervisor of anything suspicious or simply out of the ordinary with regard to accepting payments. This will keep everyone on the same page, and can help you and your employees develop better practices and a higher understanding of potential threats.
  • Do not ever accept an authorization number from a customer or their bank. Only accept authorization numbers generated when you process a transaction or if you manually call into your credit card processor’s authorization line.
  • Don’t allow issuing cash refunds on any credit or debit transaction that was processed as a credit card, and do not allow issuing a refund to any card other than the one used to make a payment. Basically, unless the customer entered a PIN number on a PINpad, only credit back to the original card used to make a purchase.
  • Be especially vigilant of customers requesting refunds, credits, or abnormal transactions involving prepaid gift cards. Prepaid gift cards work differently from normal credit and debit cards and some issuers have been known to have large security and functional holes in their authorization and funding systems.

Card Present

  • If available at your processor, use a terminal that supports EMV, chipped, cards. EMV eliminates fraud occurring from cards that have been electronically stolen and copied to another card. Businesses with unattended card readers such as gas stations will see the greatest benefit from EMV.
  • Make sure a supervisor is required for any returns or credits to a credit or debit card. A very large portion of fraud is committed by employees and customers in the form of issuing credits. The money issued during a credit can be difficult to impossible to account for without vigilant bookkeeping practices. Credits should always be strictly controlled.
  • When the card is present, always check the back of the credit card for a signature, before asking for ID. If no signature is present ask the card holder to sign the back of the card, then ask for their ID and see if the name and signatures match.
  • Although card brands do not permit requiring an ID as condition of accepting a payment, you can still always ask for one to verify the purchaser is the person standing in front of you and whose name is on the card.
  • Be especially vigilant of cards that appear to be damaged, potentially altered, or cards where the beginning numbers don’t match the type of card being offered (Generally beginning with 4 for Visa, 5 for MasterCard, 3 for American Express, and 6 for Discover). After printing a receipt, you can also verify the printed card numbers on the receipt match the numbers on the actual card. When thieves make copies of stolen cards, they often encode them onto cards with a completely different number or an entirely different type of card than the one the numbers were stolen from.
  • Be critical of situations where a customer’s payment isn’t typical, such as trying to pay with a series of cards that keep declining, refusing to show an ID, refusing to sign their card, etc.

Card Not Present

  • Requesting the CVV code helps ensure that the buyer has physically has the card in hand, or at least had it in their hand at one point. Electronically copied cards will not have the CVV number. While not a guaranteed method, it’s a good step to help protect your business.
  • Always use the Addresses Verification System (AVS). AVS verifies that the billing information matches what the card issuer has on file by matching both the street number and the zip code. However, AVS does not work with most international cards, so this may not be as useful to merchants who have a large percentage of customers paying with non-US issued cards.
  • Any shipments to the customer should be shipped to the billing address when possible, and shipments with a high dollar value should require a human signature with the carrier. While this can sometimes cause convenience problems, it is the best way to protect your business and guarantee that at least a human was there to receive your shipment.
  • Only use shipping services, such as UPS or Fedex, that allow you to cancel or reroute an item after it has been picked up. The only thing worse than taking a loss on fraud, is identifying a transaction as fraudulent and not being able to prevent the package from being delivered after it has been shipped.
  • Orders requesting expedited or overnight delivery should be scrutinized more than orders requesting ground or other economy shipping. It is common for customers to want their items quickly, but thieves also want to get products in their hands as quickly as possible, and will almost always pay for the fastest possible shipping method no matter the cost. Anecdotally, in more than 15 years of operating ecommerce sites, we’ve never seen a confirmed fraudulent order shipped anything less than 2nd day air, the vast majority are shipping the fastest and most costly method possible, which is typically Next Day AM or equivalent.
  • Searching the shipping address of an order in a search engine can often reveal if the order is being shipped to a forwarding address, an empty or for-sale property, or sometimes even just a vacant lot. All of these situations are a major red flag for potential fraud, and should require further review before fulfilling an order.
  • Be especially cautious of orders where the buyer changes the shipping address after ordering. This is a common method used to circumvent AVS and other address based screening methods of identifying fraud.
  • Online or phone orders where the buyer is indiscriminate about the cost of shipping or cost of the products being ordered should be considered highly probably for fraud.
  • Additionally, any customer asking for a catalog and price list when you have everything on a website should be considered suspect as well. Unsolicited requests for prices, product lists, and what payment methods a business accepts, are often nothing more than electronically generated emails from scammers scraping emails off ecommerce sites.

The information above is to give you a better idea of what you can do to help protect your business from fraud. Training yourself and your staff can go a long way to protecting your business, especially if you continue to keep that training up to date as your business moves forward. New technologies may help businesses limit their risk in some ways while opening the door to other possible threats, so it important that you keep up with, and understand, the relevant practices of fraudsters. Make sure you implement standard operating procedures within your organization so that you have a baseline to judge potential threats against. Fraudsters are not in the business of getting caught, so if they see a business operating in a manner that is not conducive to their success they will often move to another target.


August 18th, 2015 by Jamie Estep

Credit Card Fraud, Now Serving Small Business

Filed in: Fraud, Merchant Accounts |

This is the first of a 2 part series on common but under-reported and often unknown types of fraud that many merchants experience. Part 1 will consist of specific example scenarios and types of fraud that merchants experience often without knowing it. Part 2 will consist of ways to prevent, minimize, and identify types of fraud that may be occurring.

Credit card fraud gets talked about a lot, but most of the time the focus moves to card holder protection or a large data breach.  We hear little about the credit card scams that fraudster’s use against the small business owner because it’s hard to sensationalize one business who had a little bit of fraud. In this article we are going to go over some common approaches fraudsters use to go after business and ways your company can protect itself.

Pre-authorized transactions

If I hear about a card holder telling a merchant that they called their bank and got prior approval for a large transaction it immediately sets off my internal fraud alarm. For many people, this statement makes sense, we have all had one of our cards turned down for a completely legitimate transaction, so why wouldn’t a card holder call their issuer if they know they are about to process an abnormally large transaction. Also as a small business owner, a large sale can be a great thing and so it’s easy to get enticed by the sale and want to comply with the customer to make sure it happens.

Whatever you do, don’t take an authorization code from anyone other than your processor.  EVER!!!

I can’t stress this enough, EVER!  You need to control how the authorization code is obtained. Normally your point of sale (POS) transparently takes care of this for you during the transaction process, and rarely, you may need to contact your processor’s voice authorization system for approval. In both of these scenarios there is an electronic trail from your merchant account, through your processor, to the card issuer and back again.  An authorization code will not be valid unless there is a trail connecting your sale to the authorization code.  I also want to highlight that if you call the number on the back of the credit card they should not ever issue approval codes to you. The only authorization code you should ever trust is one obtained through your credit card terminal or POS system or if you call into “your” processor and obtain one over the phone.

So what do you do when presented with this scenario?

Taking any form of payment at this point is a likely business risk. I strongly advise you only accept cash from that customer if anything at all. You can simply tell the customer that your store policy states all authorizations have to come electronically from the terminal/POS (this should be your policy anyway). If you do decide to accept a credit card for the transaction and process it in a normal manner, there is still a measurable chance that the customer is still trying to defraud you. Know that there will be a substantially increased chance of receiving a chargeback. At the very least, make absolutely sure that the customer is the person who’s name is on the card and make sure to swipe the card through your terminal, get a signed receipt, and make sure it matches the signature on their card if there is a legible one. This is such a red flag for a deliberate fraud attempt, it would usually be appropriate to simply turn you customer out the door. The chances are better than not they are attempting to defraud you.

I need to return this

How often do you have a customer who wants to do a return for a refund?  If the original purchase was made on a credit or debit card, without using a PIN number, then you should only refund to the card that was used to make the purchase.  I hear from merchants quite regularly about someone coming to do a return but want cash instead of a credit to their card.  Many times the customer says they just don’t have the card on them, or that it was a gift and if it gets refund to the card, then the cardholder will know their gift was returned. The unfortunate truth is sometimes you get this request its coming from a fraudster.

It’s a simple scam, the merchant takes back the product, gives the customer their cash refund, and the customer then calls their card issuer and disputes the charge saying the business refused to give them a refund. Of course the business will receive the chargeback notice, and respond that they gave a full cash refund, but there won’t be any electronic proof for that refund. The card issuer is basically forced to side with the card holder and the merchant will usually lose. It will then be on the merchant to take legal action against the fraudster. To make matters worse, the merchant’s loss is essentially twice the sale amount. They lose the chargeback, and they lose the money they gave for the refund.

This scenario only applies to credit based transactions.  When you run a PIN debit transaction things are a little different.  Some processors will allow you to do a debit return, however you are going to have to swipe the original card, and the customer will need to re-enter their PIN number to complete the transaction.  Alternately as long as the card has a Visa, MasterCard, Discover, or Amex logo you can do you a normal credit return, without needing the card or the cardholder present.  If the card does not have a major card brand logo on it, you only remaining option is a cash refund.  Keep in mind that card holders can still dispute a PIN debit transaction, however it’s much more difficult.

To hedge your risk, you can offer an in-store credit to the customer. This allows the business to retain the money from the original purchase so if there is a dispute you are not losing a return and chargeback.  If the card holder has not used their in-store credit you can revoke it or any remaining portion.  Unfortunately if they used all of their remaining credit you will have lost the chargeback and a product, however your hard cost on that product will hopefully be less than having issued them a refund and paying for a chargeback.

A really large order

Let’s say you have a small hardware store, and you have a customer walk in and say I need 5,000 chainsaws. Your first thought might be something along the lines of “Cha Ching!”, and sometimes the idea of such a large sale clouds your vision as you have a quick dream of the vacation you will finally take when all that money comes in. Well come back down to earth and get your guard up as this should be the Chernobyl of red flags.
You need to start asking yourself some questions like the following, and try to look at them as an unbiased third party.  Here are just a few quick examples.

  • Why does this guy need 5,000 chainsaws?  This is an abnormal purchase for just about anyone.
  • In your experience does anything feel off about this customer?  Let your gut feel be your guide.
  • Do they seem to care about price?  When people buy in bulk they expect the price to drop, if they don’t, something probably is not right.  If they don’t even ask about price, or are willing to pay a premium, it’s even more of a red flag.
  • Why is he/she wanting to buy them from me?  This can be a hard question to not show your bias.
  • Are there more oblivious, easier, cheaper, etc. ways for this customer to obtain what they want?   This is more of an extension of the previous question.
  • Can my business survive if this sales turns out to be fraud?  Make sure you don’t take on more risk than your business can handle.
  • Are they asking for the quickest shipping method possible?
  • Are they shipping to a forwarding or foreign address?
  • If I were going to legitimately purchase 5,000 chainsaws as a consumer, is this the way I would do it?

Admittedly this example sounds to be on the ridiculous side of things, but this actually happened to a small hardware store. Things that sounds too good to be true usually are. These questions will help keep a realistic view of the situation, and will give ideas as to what questions you want the customer to answer.  If you are not comfortable with the situation you should probably not continue with the sale, or if you do, make sure you only accept cash or equivalent method that protects you from later disputes. I have seen businesses that refused to take this advice, and accepted credit card payment even after being specifically told by their processor not to. Sometimes the loss to the business is so bad, they had to close their doors after their transactions charged back.

Stay tuned for the next edition where we further discuss how to identify, prevent, and minimize the losses from certain types of retail fraud.


August 16th, 2015 by MSI Newsletters

Credit Card Fraud, Now Serving Small Business

Filed in: Monthly Newsletters |

Credit Card Fraud, Now Serving Small Business

This is the first of a 2 part series on common but under-reported and often unknown types of fraud that many merchants experience. Part 1 will consist of specific example scenarios and types of fraud that merchants experience often without knowing it. Part 2 will consist of ways to prevent, minimize, and identify types of fraud that may be occurring.

Credit card fraud gets talked about a lot, but most of the time the focus moves to card holder protection or a large data breach.  We hear little about the credit card scams that fraudster’s use against the small business owner because it’s hard to sensationalize one business who had a little bit of fraud. In this article we are going to go over some common approaches fraudsters use to go after business and ways your company can protect itself.

Pre-authorized transactions

If I hear about a card holder telling a merchant that they called their bank and got prior approval for a large transaction it immediately sets off my internal fraud alarm. For many people, this statement makes sense, we have all had one of our cards turned down for a completely legitimate transaction, so why wouldn’t a card holder call their issuer if they know they are about to process an abnormally large transaction. Also as a small business owner, a large sale can be a great thing and so it’s easy to get enticed by the sale and want to comply with the customer to make sure it happens.

Whatever you do, don’t take an authorization code from anyone other than your processor.  EVER!!!

I can’t stress this enough, EVER!  You need to control how the authorization code is obtained. Normally your point of sale (POS) transparently takes care of this for you during the transaction process, and rarely, you may need to contact your processor’s voice authorization system for approval. In both of these scenarios there is an electronic trail from your merchant account, through your processor, to the card issuer and back again.  An authorization code will not be valid unless there is a trail connecting your sale to the authorization code.  I also want to highlight that if you call the number on the back of the credit card they should not ever issue approval codes to you. The only authorization code you should ever trust is one obtained through your credit card terminal or POS system or if you call into “your” processor and obtain one over the phone.

So what do you do when presented with this scenario?

Taking any form of payment at this point is a likely business risk. I strongly advise you only accept cash from that customer if anything at all. You can simply tell the customer that your store policy states all authorizations have to come electronically from the terminal/POS (this should be your policy anyway). If you do decide to accept a credit card for the transaction and process it in a normal manner, there is still a measurable chance that the customer is still trying to defraud you. Know that there will be a substantially increased chance of receiving a chargeback. At the very least, make absolutely sure that the customer is the person who’s name is on the card and make sure to swipe the card through your terminal, get a signed receipt, and make sure it matches the signature on their card if there is a legible one. This is such a red flag for a deliberate fraud attempt, it would usually be appropriate to simply turn you customer out the door. The chances are better than not they are attempting to defraud you.

I need to return this

How often do you have a customer who wants to do a return for a refund?  If the original purchase was made on a credit or debit card, without using a PIN number, then you should only refund to the card that was used to make the purchase.  I hear from merchants quite regularly about someone coming to do a return but want cash instead of a credit to their card.  Many times the customer says they just don’t have the card on them, or that it was a gift and if it gets refund to the card, then the cardholder will know their gift was returned. The unfortunate truth is sometimes you get this request its coming from a fraudster.

It’s a simple scam, the merchant takes back the product, gives the customer their cash refund, and the customer then calls their card issuer and disputes the charge saying the business refused to give them a refund. Of course the business will receive the chargeback notice, and respond that they gave a full cash refund, but there won’t be any electronic proof for that refund. The card issuer is basically forced to side with the card holder and the merchant will usually lose. It will then be on the merchant to take legal action against the fraudster. To make matters worse, the merchant’s loss is essentially twice the sale amount. They lose the chargeback, and they lose the money they gave for the refund.

This scenario only applies to credit based transactions.  When you run a PIN debit transaction things are a little different.  Some processors will allow you to do a debit return, however you are going to have to swipe the original card, and the customer will need to re-enter their PIN number to complete the transaction.  Alternately as long as the card has a Visa, MasterCard, Discover, or Amex logo you can do you a normal credit return, without needing the card or the cardholder present.  If the card does not have a major card brand logo on it, you only remaining option is a cash refund.  Keep in mind that card holders can still dispute a PIN debit transaction, however it’s much more difficult.

To hedge your risk, you can offer an in-store credit to the customer. This allows the business to retain the money from the original purchase so if there is a dispute you are not losing a return and chargeback.  If the card holder has not used their in-store credit you can revoke it or any remaining portion.  Unfortunately if they used all of their remaining credit you will have lost the chargeback and a product, however your hard cost on that product will hopefully be less than having issued them a refund and paying for a chargeback.

A really large order

Let’s say you have a small hardware store, and you have a customer walk in and say I need 5,000 chainsaws. Your first thought might be something along the lines of “Cha Ching!”, and sometimes the idea of such a large sale clouds your vision as you have a quick dream of the vacation you will finally take when all that money comes in. Well come back down to earth and get your guard up as this should be the Chernobyl of red flags.
You need to start asking yourself some questions like the following, and try to look at them as an unbiased third party.  Here are just a few quick examples.

  • Why does this guy need 5,000 chainsaws?  This is an abnormal purchase for just about anyone.
  • In your experience does anything feel off about this customer?  Let your gut feel be your guide.
  • Do they seem to care about price?  When people buy in bulk they expect the price to drop, if they don’t, something probably is not right.  If they don’t even ask about price, or are willing to pay a premium, it’s even more of a red flag.
  • Why is he/she wanting to buy them from me?  This can be a hard question to not show your bias.
  • Are there more oblivious, easier, cheaper, etc. ways for this customer to obtain what they want?   This is more of an extension of the previous question.
  • Can my business survive if this sales turns out to be fraud?  Make sure you don’t take on more risk than your business can handle.
  • Are they asking for the quickest shipping method possible?
  • Are they shipping to a forwarding or foreign address?
  • If I were going to legitimately purchase 5,000 chainsaws as a consumer, is this the way I would do it?

Admittedly this example sounds to be on the ridiculous side of things, but this actually happened to a small hardware store. Things that sounds too good to be true usually are. These questions will help keep a realistic view of the situation, and will give ideas as to what questions you want the customer to answer.  If you are not comfortable with the situation you should probably not continue with the sale, or if you do, make sure you only accept cash or equivalent method that protects you from later disputes. I have seen businesses that refused to take this advice, and accepted credit card payment even after being specifically told by their processor not to. Sometimes the loss to the business is so bad, they had to close their doors after their transactions charged back.

Stay tuned for the next edition where we further discuss how to identify, prevent, and minimize the losses from certain types of retail fraud.


July 15th, 2015 by J B

Wireless With Strings Attached

Filed in: Monthly Newsletters |

Do you need to process credit cards wirelessly?

In the past there was only one option when it came to truly mobile processing, the cellular credit card terminal. While these devices work great and offer fast stable processing, they can be expensive and usually come with additional monthly cellular fees from a wireless provider. As technology has progressed so have the wireless processing options, like the smartphone or tablet. These devices use an existing smart device and convert it into a credit card terminal.

Square popularized smartphone and tablet processing which is now the fastest growing wireless processing option today. There are currently multiple options when it comes to processing a transaction on a smartphone, and many people don’t realize their existing merchant service provider probably has smartphone processing options already available. If your business has looked at accepting wireless payments in the past and decided it was cost prohibited then it might be time to take another look. We currently offer MS Mobile for our current and new merchant account customers. MS Mobile uses an anti spin card reader that plugs into a headphone jack. Unlike other mobile specific providers, MS Mobile customers still get the same 24 / 7 support for their equipment and services and a dedicated account manager whom they can correspond with for any future needs.

Dejavoo Z9 WiFi Credit Card Terminal

“I thought a Wifi terminal would have a battery?”

We can’t tell you how many times over the years we’ve spoken to merchants who want a terminal they can connect to Wifi, but for years the only offerings were Ethernet based devices. Wifi terminals are becoming more prevalent which is wonderful for those of us who don’t want to run yet another wire to the checkout counter. Many of the Wifi devices miss the mark by leaving out key features that would otherwise make them a go to terminal for almost any merchant. Dejavoo’s Z9 seems like it was designed to be the exception. The Z9’s is a very capable terminal with all the bells and whistles you would expect and a price tag comparable to other terminals with its features.

The Features:

The Z9 Wifi is a small handheld terminal with a 3.5″ color touch screen and built in printer. Dejavoo outfitted this new device not only with features that will keep it relevant for years, but also one of the Wifi cards available in credit card terminals today. As you should expect it supports EMV so it’s ready for the October 1st liability shift and the Z9 is also enabled with NFC so you’re ready to accept contactless payments like ApplePay and Android Pay without additional hardware. One of our favorite features, normally only found on cellular based terminals, is a built in battery, which is hugely beneficial for mobile businesses. This means, if the merchant has access to a WPA-2 or better encrypted Wifi connection, they don’t need to maintain a wireless fee to a cellular provider to use a robust terminal.

Optional Docking Station:

Like everything that’s designed to be small and mobile, WiFi terminals have their drawbacks, however Dejavoo has done a good job of overcoming those with their optional docking station that expands the terminals capabilities. While the terminal itself doesn’t have any connectivity ports like a traditional phone line or Ethernet, the docking station provides those and more. It even adds Bluetooth support allowing it to be wirelessly connected to a separate printer that can hold a much larger paper roll.

Conclusion:

We have been very impressed by the Z9 Wifi after playing with it the past few weeks. It’s a small, easy to use, mobile terminal and with the optional docking station it goes from a compact terminal to an all-around great fit for most any business. The Wifi terminal itself carries a price tag of just $350 which for a Wifi device with EMV, NFC, and a battery, is exceptional. The optional docking station is an additional $85, but for merchants who have a storefront and do mobile events as well, you get a device that is both a small mobile terminal and a counter top work horse.


July 8th, 2015 by Jamie Estep

Nickel and Dimed to Death – FANF

Filed in: Merchant Accounts |

FANF or Fixed Acquirer Network Fee yet another cost riding on your merchant account.

What is the Fixed Acquirer Network Fee?

After the Durbin Amendment added new regulations regarding payment processing, Visa came up with the Fixed Acquirer Network Fee (FANF) to offset their lost revenue. These new charges that went into effect in April 2012 were one of two sliding scale fee structures, one being based on the number of locations, and the second being based on dollar volume processed in a month. For card present businesses, excluding fast food, the fee will be based on a business’s number of locations, ranging from $2.00 to $85.00 monthly per location. For card not present businesses and fast food the fee is based on monthly processing volume, ranging from $2.00 to $40,000.00 per month. Clearly most businesses are going to stay on the lower side of these ranges and shouldn’t fear a $40,000 FANF fee, as you would need to be processing more than $400 million a month in credit cards.

Can I be exempt from this fee?

Yes! But most businesses will not qualify. There is only one Merchant Category Code (MCC), 8398, that is exempt from paying FANF. MCC 8398 is the code for Fundraising for Charitable and Social Service Organizations. If more than 50% of credit card volume is not for fundraising then the merchant is no longer exempt from paying the fee. Note: Visa is watching closely for miss-categorized businesses as many companies think they qualify under this MCC when they do not.

There is one other exemption, but again probably not going to work out for you… Low to no processing, if you process less than $200 in a month the FANF is $0.00 and charged at 0.15% of volume between $200 and $1250 for card present merchants.

Basically either your business fits perfectly into MCC 8398 or you’re paying FANF.

See full cost tables for Visa’s FANF fee


June 4th, 2015 by MSI Newsletters

Nickel and Dimed to Death – FANF

Filed in: Monthly Newsletters |

FANF or Fixed Acquirer Network Fee yet another cost riding on your merchant account.

What is the Fixed Acquirer Network Fee?

After the Durbin Amendment added new regulations regarding payment processing, Visa came up with the Fixed Acquirer Network Fee (FANF) to offset their lost revenue. These new charges that went into effect in April 2012 were one of two sliding scale fee structures, one being based on the number of locations, and the second being based on dollar volume processed in a month. For card present businesses, excluding fast food, the fee will be based on a business’s number of locations, ranging from $2.00 to $85.00 monthly per location. For card not present businesses and fast food the fee is based on monthly processing volume, ranging from $2.00 to $40,000.00 per month. Clearly most businesses are going to stay on the lower side of these ranges and shouldn’t fear a $40,000 FANF fee, as you would need to be processing more than $400 million a month in credit cards.

Can I be exempt from this fee?

Yes! But most businesses will not qualify. There is only one Merchant Category Code (MCC), 8398, that is exempt from paying FANF. MCC 8398 is the code for Fundraising for Charitable and Social Service Organizations. If more than 50% of credit card volume is not for fundraising then the merchant is no longer exempt from paying the fee. Note: Visa is watching closely for miss-categorized businesses as many companies think they qualify under this MCC when they do not.

There is one other exemption, but again probably not going to work out for you… Low to no processing, if you process less than $200 in a month the FANF is $0.00 and charged at 0.15% of volume between $200 and $1250 for card present merchants.

Basically either your business fits perfectly into MCC 8398 or you’re paying FANF.


June 2nd, 2015 by MSI Newsletters

Apple Pay, is it worth the bite?

Filed in: Monthly Newsletters |

What is Apple Pay all about, do I need to accept Apple Pay, and do I need new equipment?

Apple Pay was rolled out fall of 2014 with headlines blasting out how it was going to change the payment industry. Now that it’s been out for six months and the hype has died down, it’s time to decide to accept Apple Pay or ignore it as a passing fancy.

Apple Pay is another attempt at a mobile wallet payment solutions using Near Field Communication or “NFC”. Earlier attempts at a mobile wallet included Walmart, Chase, PayPal, and Google, however none of these wallets gained widespread acceptance. Apple is now taking a stab at mobile payments with their Apple Pay service, which is designed to allow iPhone users to store their credit cards on a phone app system and use existing NFC technology to process transactions. This can be done through a merchant’s credit card terminal as long as they have the right system in place. NFC technology can also be used on many of the new EMV compatible credit cards currently being rolled out. These cards you may have noticed have a chip embedded in the card itself so the card doesn’t have to be actually swiped on the terminal. It can simply be waved close to the terminal reader around 15 inches and it will be read as if you actually swiped the card. By using the existing credit card networks this has allowed Apple Pay to grow faster and be accepted in more places than any of the other previous attempts at a mobile wallet.

There are a few big box retailers who have tried to develop their own systems to circumvent the credit card networks or have boycotted Apple Pay. Best Buy and Walmart are two examples of companies attempting their own mobile systems and CVS Pharmacy and Rite-Aid have actually turned off all NFC capable payment devices. This effectively stopped Apple Pay from working at their stores. Although Apple certainly isn’t the first company in the digital wallet / mobile payments space, they are thus far the most successful in the least amount of time. The buzz and hype around their service has really helped to increase the number of businesses accepting those payments. With an iPhone that supports Apple Pay one can simply add their current credit cards into the device through the Passbook app, and after a quick verification with the card issuer, the iPhone is ready to make payments at more than 700,000 locations.

The other benefit of Apple Pay is if you get the right equipment, it will work perfectly with the new EMV credit cards. The October 1st EMV deadline is approaching, so we encourage merchants to have the ability to accept NFC / Apple Pay payments and get EMV compliant at the same time.

The terminals we recommend for EMV and Apple Pay are:
Verifone VX520 – $220.00 (Free with a new merchant account)
Ingenico ICT250 – $235.00 (Free with a new merchant account)
First Data FD130 – $326.00(Free with a new merchant account)
Clover POS System (Starting at $1100 or $49 per month lease, up to $500 credit with a new merchant account)
Shopkeep POS System (From $600 – $1200 depending on features, up to $500 credit with a new merchant account)

Which Apple products support Apple Pay?

For In Store purchases the options today are the iPhone 6 and iPhone 6 Plus, however later this month the Apple Watch will launch enabling users who buy it to take advantage of Apple Pay on an IPhone 5, 5c, or 5s. Keep in mind that the iPad Air 2, and iPad mini 3 also support Apple Pay, but at this time it’s only for Apple app purchases. Going forward we expect most new Apple product to have NFC built-in, meaning more devices will support Apple Pay.

How is Apple Pay Secure?

You might be surprised to know that when using Apple Pay, credit card numbers are not stored on the device or even on an Apple server. When someone adds a credit card to Passbook during the registration process, the card is issued an unique token stored only in the that device’s secure element. Since the device doesn’t store the credit card numbers, it and the point of sale hardware use the token and a transaction specific security code to seek approval from the card issuer. This means card data is never shared between the card holder and the merchant, which from a security stand point is a big deal. If someone, either an employee or a nearby third party is trying to scan card numbers, the only information they could hope to get would be unusable for future transactions.

What if an iPhone is lost or stolen? If an phone does end up in the wrong hands, the owner no longer needs to cancel all of their cards such as when someone loses their wallet. If they have enabled the Find My iPhone feature, they have options like locking the phone so it’s unusable, and/or completely wiping all data from the device. Even if someone gains access to the phone they would still need the owner’s finger print to process the payment.

Compared to traditional credit and debit card transactions, Apple Pay offers substantially better security for both the merchant accepting the payment and the customer making it.

How do I accept Apple Pay?

Accepting Apple Pay requires that you have an NFC enabled credit card terminal or Point of Sale, and a processor who supports it. If you have recently purchased a terminal, there are ways to verify if it has the ability to accept NFC, or Contactless payments. Your processor should be able to assist you in that process. If you have a credit card terminal that’s more than a year or two old it’s likely that you will need a new terminal or a stand-alone NFC peripheral to accept Apple Pay. The Merchant Equipment Store is able to help you make the best decision to match your needs.

The bottom line is that it looks likes Apple Pay is may be the first and only worth mobile wallet that has so far been made available to consumers. Apple, by using the existing credit card systems has made it relatively easy for merchants to accept Apple Pay payments. Banks, stores, and companies are jumping on the bandwagon and eagerly pledging their support for Apple Pay. But more importantly, if you haven’t upgraded your equipment to accept the new EMV cards, you can do so and at the same time enable yourself to accept the Apple Pay transactions.

 

Find out more about Apple Pay or get a free Apple Pay acceptance sticker, or call (888) 528.0058 with questions or for more information.


Clover POS System

Verifone VX520

First Data FD130
Related information: Digital Trends Apple Pay

June 1st, 2015 by MSI Newsletters

What is all this talk about EMV and Credit Cards?

Filed in: Monthly Newsletters |

You’ve probably heard about new changes to the processing industry by now, called EMV.

EMV is the global standard for processing a credit card and stands for Europay, Mastercard, and Visa, but more importantly, EMV is just a more secure method of processing a credit card payment through a credit card reader. Each credit card will have an embedded microchip. These chips will hold all of the card holder information and act as a mini computer. The EMV cards are inserted into a slot instead of swiping through a magnetic card reader. making it extremely difficult to duplicate. The card and the reader securely transfer information back and forth to the card issuer during the sales process which will help increase security and reduce fraud. EMV is also known as chip and PIN or chip and signature depending on whether a person PIN number is required when processing a transaction.

How does EMV affect my business?

Due to increasing fraud over the past 2 decades, card associations in the US have mandated that EMV be adopted in the US. What EMV does is make it extremely difficult for a retail business to accept a forged credit card. Some business types, such as gas stations and other unattended products, are more likely to be victims of accepting forged credit cards, but fraud is a problem that affects every business and EMV will go a long way to reducing these types of fraud. For online and businesses that accept transactions primarily over the phone, EMV will have very little effect in the short term. However, it is anticipated that in the future, EMV technology will be incorporated to on-line or card not present processing. The bottom line is the more businesses that switch to EMV and the more card holders who have EMV cards, the less likely it will be for any card to be illegally copied. It is very easy to duplicate a payment card with a magnetic stripe but extremely difficult, on the verge of impossible, to duplicate a chip embedded card. The migration to EMV cards is geared specifically towards decreasing chargebacks and fraud in the United States.

On October of 2015, a liability shift will occur, specifically with respect to fraudulent transactions on cards that have been illegally copied. As of now, when a merchant swipes a card which later turns out to have been illegally forged, the bank that issued the card is responsible for reimbursing the card holder for any fraudulent charges to their account. In October, this will change, and a merchant will assume liability if they do not accept EMV transactions. In the interim, US credit cards will be issued with both the chip embedded and the magnetic stripe until EMV or an alternative is created for card not present transactions, and the majority of merchants have adopted EMV.

Am I required to buy a new EMV terminal?

At this time you are not required to support the new EMV technology. But bear in mind that you will be the weakest link in the credit card payment flow and will be increasingly more susceptible to credit card fraud. As the US migrates to this new technology, criminals will inherently target the systems with the most vulnerable security. It is estimated that by October of 2015 70% of all cards will have been replaced with chip enabled cards, and it’s already being reported that fraud is on the rise ahead of US EMV implementation.

Many terminals deployed in the past five years are already chip capable and may only need to be reprogrammed, so not all merchants will need to upgrade their processing equipment. As of now, most point of sale systems are not EMV ready.

What if I don’t upgrade my equipment?

Normally, a card issuer is liable for fraudulent transactions resulting from forged or copied credit cards. After October, 1st 2015 merchants not compliant with the EMV chipped card technology will assume this liability.

What are my options for accepting EMV cards?

The Merchant Store carries several different terminals and Point of Sales systems that are EMV compatible. We recommend the VeriFone VX520 EMV, the First Data FD130, and the First Data Clover POS system. The VeriFone VX520 with EMV capability retails for under $200, the FD130 under $350. The Clover POS system starts at $1,100 or $49.95 per month to lease for a single station, full featured POS system with a printer.
Additional Resources

Mastercard EMV
Visa EMV Readiness Guide pdf


May 14th, 2015 by Jamie Estep

1099 Nightmare

Filed in: Merchant Accounts | 1 comment

Are you missing some of your Deposits?

It could be the IRS!

From time to time we hear horror stories from merchants with deposits that seem to be missing money. Several weeks ago we heard from such a merchant with this experience.

He said the scariest part initially is that no one knew where his money went. His processor could see his batches, and his funding reports, and everything added up. But when it came to his bank statements he was missing about 30% from each deposit. He told us he was just sick when he added up all the missing funds and it came out to around $30,000. It took him and his processor more than a week to sort out where the funds had gone, and once found, he learned that he was not going to be able to access those fund until the following year.

Where did his money go you might wonder? This merchant was a victim of the new IRS regulations which allow the IRS to place an account on a mandatory 28% withholding. In 2008, buried in the middle of the Housing and Economic Recovery Act was a provision that had nothing to do with housing but was a new requirement that banks and credit processors must now report payments to the IRS. The rule, which took effect in 2012, was meant to “improve voluntary tax compliance” by business taxpayers to help the IRS determine whether their tax returns are correct and complete. This is where the 1099-k was born.

Merchants are now required to complete a W-9 form for their credit card processor, if in the prior calendar year, they received payments:

  • from payment card transactions (e.g., debit, credit or stored-value cards), and/or
  • in settlement of third-party payment network transactions above the minimum reporting thresholds of –
    • gross payments that exceed $20,000 AND
    • more than 200 such transactions

So now it is required that your merchant account provider collect and verify every merchant TIN (Taxpayer Identification Number). At the end of the year, merchant account providers file 1099-k forms reporting annual gross payments processed by credit or debit cards to the IRS. Not only must the TIN match but the address and name must match exactly to the IRS or there will be what is called a TIN mismatch. If the mismatch is not corrected by the end of the year (starting in 2014) then the processor is required to withhold 28% of the merchant account deposits. In addition some states have jumped on the bandwagon (California for one example) and require the processor to withhold an additional 10%.

The deadline to impose the penalty for most major credit cards was initially required to begin in 2012. However, the IRS postponed the requirement until October 2014. If a merchant’s TIN was not valid by this time, they will start to see revenue withheld. Any merchant who receives a “B” notice initiated by the IRS will have 30 days to respond prior to mandatory IRS-directed withholding of a minimum of 28% of gross sales.

The crux of the whole situation, is that IRS guidelines do not permit the held funds to be immediately returned to the merchant. But rather, the merchant can re-acquire them when they file their tax return. Unfortunately, businesses aren’t going to file their current year tax return until sometime in the following year at the very earliest. Additionally, the way this revenue is treated, it is very possible that the funds being held are simply used to offset any tax owed to the IRS at the time of their filing. To summarize, the way this money is held is an extremely painful burden to a merchant who was anticipating their normal sales revenue to be in their bank account.

Where can a merchant find out if they have a TIN mismatch?

A merchant’s name and TIN should match those used on the tax return in order to match the IRS database. The merchant account provider should have been sending notifications via mail, email, phone, and/or fax, in addition to special statement messages if a merchant is in risk of having their money withheld. Many processors also offer an online merchant portal where merchants can go to verify this information.

If you have any doubt please contact your agent or your processing company. If the IRS begins withholding there is no way to get the funds released until you file your return the following year. You can stop the withholding by becoming compliant but you won’t get the monies that have been held until you file your return.

In the event that your money is held, we strongly suggest speaking to a knowledgeable CPA or tax attorney so that you can fully understand the implication of having money held this way.