Information on Merchant Accounts,
Ecommerce and Credit Card Processing

February 11th, 2009 by Jamie Estep

Visa Alerts of Floral Credit Card Fraud

Filed in: Fraud, Industry News, Merchant Accounts | 2 comments

Visa issued another security alert today specifically for Floral Merchants. Given that Valentines Day is a few days off, this is important for many businesses out there. None of this is ground breaking news, but extra care should be taken by floral merchants when accepting payments over the phone, fax or online. If you aren’t, take some extra steps to prevent fraud, CVV2 may help in this case which cost nothing extra to process with. Also, be very wary of extremely large orders.

Typically fraudsters look for times when business are most vulnerable, and when business picks up a lot, oversight is often the result.

Illegitimate customers are placing orders for flowers using stolen credit card information. The orders are typically placed via fax, e-mail, and/or hearing-impaired relay calls. The perpetrator then requests that the florists wrap the flower arrangements in various amounts of cash and bill the difference to the credit card number(s) provided. These orders have been known to reach $4,000.00. A shipping address for the order is then provided to the merchant.

In some instances, the perpetrators have been known to hire an unsuspecting accomplice to pick up the flowers in person. This accomplice is then instructed to ship the flowers via UPS or the U.S. Postal Service.

When the true cardholder receives the floral charge on their monthly statement, they will initiate a chargeback, as the order was placed without their authorization. As a result, the merchant will become liable for the fraudulent sale.

February 4th, 2009 by Jamie Estep

Spotting large scale credit card fraud

Filed in: Fraud, Merchant Accounts | 11 comments

Card issuers have massive computer systems that handle transaction processing. These companies also have some very advanced and large scale fraud detection systems.

Every time a credit card is reported as stolen, a huge amount of past data about that card is put into a big database. This database of pre-fraud activity is used in a large algorithm to look for similarities, which can signal the origination of stolen or lost credit card numbers. Since Visa and MasterCard have access to billions of transactions worth of information, they can screen for events that may signal that a business is losing card numbers.

If you were to greatly simplify this system and a map from it, it would look something like this:

Fraud Detection

In this case, the similarity is a single business where all of the stolen credit cards had been used before the cards had been involved in fraudulent activity. This could potentially be the sign of an employee skimming card numbers, or a breach in a database. There are always going to be coincidences involving data on a large scale, but because of the scale, it’s very difficult to end up with false positive fraud once a margin of error is established.

Continue Reading »

February 2nd, 2009 by Jamie Estep

Visa issues security alert

Filed in: Fraud, Industry News | 11 comments

A few days ago, Visa issued a security alert (possibly in reaction to the recent Heartland breach) outlining some specific applications and IP addresses to look out for. What is unique about this alert that I’ve never seen before is that Visa gave a very specific list of malicious applications to search for on a network/computer, and a specific list of IP’s to block.

This tells me that Visa has explicitly identified threats, where they are originating from, and these locations are static enough that blocking them would actually do some good (IP blocking is a terrible way to prevent/stop malicious behavior).

Download the security alert »

Continue to Table 1 and Table 2 »

January 27th, 2009 by Jamie Estep

Just how big was the Heartland security breach?

Filed in: Fraud, Industry News, Merchant Accounts | 4 comments

I have been looking over a 2007 Nilson Report, specifically about the number of credit cards being used in the US. I then though, how much of an impact could the heartland security breach have on the US credit card industry as a whole? How big is the US credit card industry?

To start off, it is still unknown how many card numbers were actually stolen in the Heartland Breach. But, it is known that as many as 600 Million card numbers were exposed to malicious software. In terms of security (and logic in general), you can only assume the worst case until you can later prove that the situation is better (There is no innocent until proven guilty when it comes to security). So how many cards is 600 Million?

These are not exact numbers but are close… In 2007, there were about 200 Million card holders in the US. Of these card holders, they owned 321 Million Visa cards, 279 Million MasterCard cards, 52 Million AMEX cards, and 57 Million Discover cards. This makes a total of 709 Million credit cards. Since the account activity averages about 60% across all cards, there are roughly 420 Million active credit cards being used in the US.

Now putting this all together, the number of cards potentially stolen is about 50% more than every single active card of every cardholder in the entire country. Given the size of the breach, it’s unlikely that your card was not compromised if you made a purchase in the US between April and December.

Unfortunately a breach like this will have a negative impact of the entire credit card industry. I’ve heard a lot of “they had it coming” and cheers of joy from other people in my industry, but make no mistake, this is bad for everyone! We have yet to see the real start of what this is going to cost heartland and the credit card industry as a whole. I cannot imagine a scenario where Heartland comes out of this in one piece. They may prove me wrong, but the damage from this looks to be too great for any processor in the world to reasonable handle.

January 20th, 2009 by Jamie Estep

Heartland Suffers Massive Data Breach – update

Filed in: Industry News, Merchant Accounts | 2 comments

Heartland payment systems today has been reported to have been victim to one of the largest credit card data breaches in history.

Heartland discovered malicious software that was recording credit card information as it was being sent to heartland for processing. Heartland processes roughly 100 millions transactions per month, for 250,000 US businesses.

The data stolen includes the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards. Armed with this data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards.

Right now it is currently unknown how much data has been collected, how/if it has been used, or how long the malicious software was recording information. The current largest data breach in history was about 45 million card number by TJX (TJ Max and Marshals) which cost the retailer almost $2 Billion dollars. Depending on how much data was lost, this breach could surpass the cost of the TJX breach.

I’ve been reading comments on various blogs and new sites on the internet and so far there is a lot of backlash and anger from consumers and businesses. We’ll see in the near future how this breach will affect Heartland, but it seems safe to assume that this will be an extremely costly event for one of America’s largest ISO’s.


The software on the Heartland’s network was installed as early as May. Based on the volume of transactions, as many as 600 million card numbers were potentially vulnerable, although the actual number stolen was likely less than this. With that sort of exposure, and the sheer number of merchants that process with heartland, it’s not impossible that every single card holder in the US was exposed in this data breach.

January 13th, 2009 by Jamie Estep

Merchant accounts as a measurement of the economy

Filed in: Merchant Accounts | 3 comments

During a recession or a downturn in the country’s economy, we typically see the unemployment rate go up. In the current situation, the unemployment rate has gone up a lot.

One of the few good things that comes from unemployment, is that it creates situations that allow new businesses to start up. What better motivation to start your own business than getting laid off?

One of the interesting facts about the credit card processing industry, is that we generally see an increase in new businesses during an economic downturn, especially when it involves a lot of lay offs and lost jobs.

Economy - Merchant Account Trends

This is blatantly apparent when comparing Google’s trend graph for the term “Merchant Account” to the S&P500 Index. The increase in searches for merchant account is a delayed inverse to the crash in stock price, which in this case is a good indicator of the country’s economy.

This is a positive trend to me, because it’s apparent that people are still getting out there and trying to open their own businesses. Financing is a major hurdle right now, but there are signs that we will see an increase of new businesses in the months to come. Real-estate is cheap, competition is evaporating, and those businesses who can get established in a difficult economy should excel when things do pick up again.

January 7th, 2009 by Jamie Estep

Let Your Average Sale Determine “Your” Good Rate

Filed in: Merchant Accounts | 3 comments

Here’s a little comparison on how a business’s average sale size affects their processing cost.

If a business processes $10,000 per month, here is how the business’s ticket size affects their overall cost.

Average Ticket to Cost

If you have a low average ticket, it is more important to have a low transaction fee than a low processing rate. Conversely, if your average sale amount is greater than about $80, the transaction fee becomes almost negligible.

Knowing how your average ticket size affects your overall cost is extremely important when looking for a merchant account provider. Not knowing how this affects your fees, will undoubtedly cost your business extra. This is yet another reason why shopping for the lowest advertised cost is a good way to get a bad deal.

Related Posts:
The processing fee is the least important one on your application!

January 6th, 2009 by Jamie Estep

Cost Calculators Update

Filed in: Company News, Tools |

We’ve spent a few days updating our calculators on our main website. The new version work much better than the previous versions. We are also in the process of adding fee comparison calculators for 3 tier and pass-through merchant account fees.

Current calculators:
Simple merchant account cost calculator
Advanced cost calculator
Lease cost calculator

January 5th, 2009 by Jamie Estep

No More Free Checkout from Google

Filed in: 3rd Party Processors | 3 comments

Until now, Google Checkout merchants who advertise on Google’s Adwords platform, have received credit for use toward Google Checkout fees they incur. However, due to Google tightening financials, Google Checkout is no longer free or even reduced for Adwords users. Un-Google like, they didn’t even notify current Google Checkout users prior to dumping the Adwords credit system in December. By doing this, all of the December holiday Google Checkout sales paid fees for the service.

Now, the question in the near future is whether Google Checkout can really stand on it’s own.

Google claims that there are enough consumers using and preferring Google Checkout, the system no longer needs to operate as a loss leader to function.

“Why have it as a loss leader if it’s doing OK?” he said. “We saw very healthy results after we decided to charge for the service.”

I think that Google Checkout is going to have a tough time keeping support without offering incentives for retailers to use it. We saw a massive drop when they stopped giving consumers incentives to use it. It simply doesn’t have the consumer support to make it sustainable for the merchants using it. In the past six months or so there’s been speculation of Google dropping the Google Checkout program. This may simply be Google way of letting the program die, especially since this change was never properly announced.

With Paypal stronger than ever and the emergence of Amazon’s payment service, Google Checkout will most likely need to find some new way to garner additional support, or be lost in the history of internet failures.

December 30th, 2008 by Jamie Estep

Best wishes for 2009

Filed in: Merchant Accounts | 1 comment

2008 will end as one of the most dreadful business years in history. Most business will continue with tough time in the coming months. I can only hope that jobs open up, business picks up, and our economy begins to make some sort of rebound.

I do believe that we will be looking at a different landscape when our economy eventually comes around. One thing is for certain, the credit and banking industries are going to look very different by the end of 2009.

Card issuers:

Card issuers are looking to go through some huge changes, maybe the biggest and quickest changes since the invention of the credit card.

Issuing is going to tighten up a lot. We can likely expect a surge in fees, and a reduction in rewards card programs. Add this to increased underwriting scrutiny, and a new FICO scoring system and we end up with a very volatile card issuing system. It’s going to be harder to get a credit card and they’re going to have more fees and less rewards than we’re all used to.

Card processors:

Credit card processors are just now beginning to feel the strain of the down-turned economy. The ones hit hardest are those with the highest attrition and ones that rely on continued new businesses. Processors who went for the lowest bid are seeing massive attrition, and reduction in income. We’re starting to see across-the-board business closures and greatly decreased sales volumes. This creates a very uncertain future for many companies that handle merchant accounts for millions of businesses in the US. In addition, there is the looming congressional credit card interchange regulation bills. Processors do not neatly fall into any category being regulated, so there is a lot of uncertainty in what’s going to happen if the bills are passed.


Not only are we seeing an increase in business closures, but we’re seeing a reduction in new businesses. Typically during a recessionary period, new businesses are started due to opportunities created by layoffs, pay cuts, and other reductions. Unfortunately, this is not yet the case, and new business start-ups are at an all time low. Even successful business are feeling the strain of reduced consumer spending. On the bright side, the extremely low gas prices are helping, but this is most likely temporary, as gas will eventually rebound.

It’s never to late to optimize your operations, reduce costs and debt, but always continue to market and find new ways to gain new customers, and keep the ones you already have.


Consumers are feeling the strain of reduced bank lending, and the reduction of available credit. When the new FICO system comes into affect, this credit reduction has the potential to destroy people’s good credit, since the new system relies very heavily on available/used balance ratios. This holiday has shown us just how bad things have gotten, just today consumer confidence ratings were recorded at an all time low.

The future

While I’m sure that we will come out of this slump, I fear that we have not yet seen the worst of it. My best wishes go out to anyone having a tough time right now, especially those who have been lay-ed off, lost their home, and those undergoing other very difficult circumstances. Things will get better, and many opportunities will come from our current situation, but if you’re waiting for one to come around, you may be waiting for a long time. We all need to continue to push forward, find and create our own opportunities, and help those around us that are experiencing difficulties.

Have a new year!