Posts filed under 'My Favorite Posts'

Merchant account theft (pt 1 of 2) - Don’t get slammed!

Slamming is a situation in the credit card processing industry where a sales agent or an ISO will steal a merchant account from another processor.

This deceitful tactic has been observed in every area of credit card processing, from retail to ecommerce. It is most common with smaller retail shops and restaurants, and seems to be especially prevalent in rural areas where business owners often have a first name relationship with their merchant account rep. Slamming has a negative impact on the business that switched, the company it switched from, and the processing industry in general.

How slamming happens:
Picture this scenario. You own a clothing shop in a small town in Colorado. One day a person calls or walks into your business claiming he is with your credit card processing company and needs to update your terminal because of new security regulations. He tells you he works with your rep, Sam, who set up your merchant account initially. You know Sam and assume that he must have sent this person to correct your terminal. He has you sign some paperwork, he makes a few phone calls, messes around with your credit card terminal, thanks you and leaves… You’ve just been slammed!

At the end of the month, you get two bills for your credit card processing. One from the company you originally signed up with which is basically blank, and the other that has all of your transactions on it, but you don’t quite recognize the name on it.

What you didn’t realize when that person was reprogramming your terminal was that he worked for a different company, and he just switched you to his service. He knew your sales rep Sam’s name because most of the businesses in the area process through the same company and Sam is their rep. You may not have even signed an actual contract with him, but he got your signature and your terminal is programmed with his company. Although what he did was illegal, you now have two merchant accounts, and the second one is a complete mystery as to what you are actually paying, or who you are processing with. Unlike switching providers on your own, you didn’t need or want to switch, and you don’t know anything at all about the new company or what you’re going to get with them. Hopefully, they actually did set you up with a real merchant account, but for all you know, this may have been some criminal that installed something to skim all of the credit card numbers that go through your terminal. Some ex-bankcard technician may be routing your money into their bank through a stolen merchant account. Just about anything is possible.

How slamming can hurt your business:

  • You are now processing through a deceptive company!
  • You almost always have extra fees, due to two accounts being open!
  • You will most certainly have a termination fee!
  • You can possibly be put on the TMF / Match file if you end your relationship with either company in a bad manner!
  • There is now a huge potential for fraud and credit card theft through your business!

Simply put, any company that would con a business into using their service is not someone you want to be doing business with. This company just doubled any fixed fees you had because you have two accounts open now, and you most certainly have an early termination fee that you will be required to pay when you realize you just got scammed. They have a termination fee, because there is a good chance you’re going to dump them once you realize what just happened. Apart from that, who knows what your fees are, what this company’s reputation is, if they are even a legal business, if you are going to get all of your money, etc. This is just a bad position to be in for a business.

Of course this is illegal and you can take recourse against this deceptive company, but lawyers are expensive, and this could become an enormous burden to fight. Additionally, it may be hard to track down who is actually responsible for doing this to you. Many businesses do fight and they usually win, but it takes time and money, which is why slammed businesses often stay with the new company.

How this hurts the merchant services industry:
Reputable service providers spend a lot of money to gain your business, and they spend a lot of money on staff, training, and equipment to support your business. It takes months and sometimes years for a processor to regain the cost of establishing a single customer. When merchants are stolen, it has the same effect on a processor that shoplifting has on a retail business. Profit margins sink, and it becomes harder to keep prices and fees where they are. On an industry wide level, it ends up costing all businesses more, because the lost revenue has to be accounted for somewhere.

Companies that slam are scum!
Slamming exists because some providers and reps find it easier to steal hard earned customers from honest companies than to provide a service worthy of gaining their own customers. The people doing the slamming are criminals and should not be trusted on any level. Businesses have gone bankrupt, been put on the TMF, have been locked into horrible contracts and paid thousands of dollars because of thieves that do this. There is so much risk to a business that gets slammed, only a true criminal would put an honest business into a risky situation that could cost them their business.

What to do if you’re slammed:
First off, do some research to find out who did it to you and when it was done. Usually someone showed up and either switched out your terminal, or reprogrammed your terminal claiming to be with your processor. More than likely an outside agent slammed you and not the company they work for. Luckily, this is the best case scenario for your business, because you can easily bypass the agent and deal directly with the company you are now processing through. Additionally, a sales agent that is out slamming businesses is a huge liability for a processor so they will be more likely to sympathize with your situation. You need to make sure that if you close this new account, you will not be charged a termination fee, and you will not be put on any sort of TMF/Match list. Depending on what you actually signed, it’s possible that it was a complete application. Whatever the case, you are the victim of fraud, and you shouldn’t have to compromise, even a penny! You also need to figure out what you want the outcome of this to be. You can go back to your original company, you can find a new company, or you can stay with the current one. Based on how your relationship got started with this new company, it’s probably a good idea to go somewhere else out of principle. If you do decide to leave your original provider, make sure you know if you are required to pay any sort of termination fee. Most likely your account with them is still open, so going back to them should be simple and painless, maybe taking only a few minutes to get your terminal reprogrammed.

If a provider slammed you themselves, you are in a stickier situation. Going straight to the bank they are registered to, or to Visa and MasterCard may be the best resolution. If you find that the cost is significantly higher, you may need to consult a lawyer or file a report with your police department. If you do decide to call them, go up the chain of command as high as you can. Even if the company is responsible, it was still most likely a rogue sales person that carried out the slam. Filing reports with the BBB can go a long way to getting their attention and getting out of their grip. Ripoff Report is another company you can file a complaint with.

(My Ripoff Report Advice: Only file a Ripoff Report after all other options have been exhausted! You should be 100% certain that you are filing against the correct organization, there is no chance of an amicable resolution, and you do not expect anything positive to further come from the company. Unlike a BBB report, a Ripoff Report cannot be undone, even by you, and they can be so damaging that there is little chance the company will deal with you any more at all. If you commit libel or slander, you should be prepared for the full legal wrath of the company you reported. Enough said!)

Prevent it!
Don’t let anyone reprogram your terminal unless you are certain that they are supposed to and that they work with your current processor. Whether it is over the phone or face-to-face, make sure you know who is changing your terminal, because you just can’t know what they may be changing on it. Your money and your business’s very existence could be at stake.

March 18th, 2008

The processing fee is the least important one on your application!

If you are in the process of, or have applied to accept credit cards for your business at some point, there’s a good chance that you found or were found by several merchant service providers. And chances are you based a large part of your decision on who to process with on the processing fee. The processing fee, while important, is the most overrated and overvalued fee that a business can pay attention to.

Here’s why…

The majority of businesses are only going to process a few thousand dollars per month. While most of us fantasize about doing millions of dollars in sales each month, it just simply won’t be the case, ever. Because of this invisible cap on sales, and the fact that every decent merchant account provider is going to have a similar processing fee, you will pay about the same amount in processing fees no matter what company you process with. However, the other fees that are associated with your merchant account can tip the scale between affordable and a complete rip off.

Just to clarify before I go any further, I always recommend businesses not shop based solely on price. However, those fixed and extra little fees that you weren’t told about up-front, ignored because they were really small, or simply didn’t understand, are going to have a big effect on what you will actually pay to accept your customers’ cards. When those fees are hidden or not disclosed, it’s a pretty good sign that you found a company that you may not want to do business with.

And now the facts:

Let’s say a company processes twenty thousand dollars per month, with a volume of two thousand transactions (an average sale of $10). The difference between 1.69% and 1.75% over $20,000 is only $12. Not really anything to write home about.

Now let’s say the provider with the 1.69% rate is charging $.25 for each transaction while the other is charging $.20. That comes out to a difference of $100 per month, which is probably something worth considering. A difference of $.01 per transaction will have more effect on the monthly cost than .1% in processing fees.

In this case: 1.69% & $.25 = 2.19% & $.20.

The processing fee in the second scenario is over 75% higher, but the cost is the same as the perceived lower rate.

When you start to add in things like $.05 AVS fees that you didn’t know about (You mean they charge me for that, and it’s required?), maybe a Watts surcharge of $.05 (what the hell is that?), and maybe even some fee listed in the miscellaneous section for $.05 (run away now…), the extra cost adds up really fast. You don’t even need to take into account things like downgrade fees, which can double your monthly bill, to see that little fees can make a huge difference at the end of the month.
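The comparison above, worked through as an added example (not part of the original post): a small Python model of a fee schedule that totals the monthly cost, expresses it as an effective rate, and solves for the break-even processing fee. The class and function names are hypothetical, and the padded quote (1.69% and $.25 plus the three $.05 extras) is a constructed scenario.

```python
from dataclasses import dataclass, field
from decimal import Decimal as D


@dataclass
class FeeSchedule:
    """One provider's quote (hypothetical model, added for illustration)."""
    rate_pct: D                                  # processing fee, % of volume
    per_txn: D                                   # transaction fee, $ per sale
    extras: dict = field(default_factory=dict)   # other per-transaction fees

    def per_txn_total(self) -> D:
        # Every fee that is charged once per transaction, summed.
        return self.per_txn + sum(self.extras.values(), D("0"))

    def monthly_cost(self, volume: D, txns: int) -> D:
        return volume * self.rate_pct / 100 + txns * self.per_txn_total()

    def effective_rate_pct(self, volume: D, txns: int) -> D:
        """Everything paid, expressed as a percentage of volume."""
        return self.monthly_cost(volume, txns) * 100 / volume


def break_even_rate_pct(quote: FeeSchedule, other_per_txn: D,
                        volume: D, txns: int) -> D:
    """Rate a provider charging other_per_txn could quote and cost the same."""
    return (quote.monthly_cost(volume, txns) - txns * other_per_txn) * 100 / volume


# Figures from the post: $20,000 per month over 2,000 transactions.
VOLUME, TXNS = D("20000"), 2000
LOW_RATE = FeeSchedule(D("1.69"), D("0.25"))
HIGH_RATE = FeeSchedule(D("2.19"), D("0.20"))
# Constructed scenario: the 1.69% quote plus the three $.05 extras listed above.
PADDED = FeeSchedule(
    D("1.69"), D("0.25"),
    {"avs": D("0.05"), "watts_surcharge": D("0.05"), "misc": D("0.05")},
)

if __name__ == "__main__":
    for label, quote in [("1.69% + $.25", LOW_RATE),
                         ("2.19% + $.20", HIGH_RATE),
                         ("1.69% + $.25 + extras", PADDED)]:
        cost = quote.monthly_cost(VOLUME, TXNS)
        rate = quote.effective_rate_pct(VOLUME, TXNS)
        print(f"{label:24} ${cost:>8.2f}/month  effective {rate:.2f}%")
    print("break-even rate at $.20/txn:",
          break_even_rate_pct(LOW_RATE, D("0.20"), VOLUME, TXNS), "%")
```

The effective rate is the number to compare between applications, since it folds every per-transaction line item into one percentage of volume.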

My advice to anyone looking to accept credit cards, or anyone looking to find a new processor, is to stop looking at the huge distraction called the processing fee, and look at everything else you will be paying. Your books will be far better for it, and you will truly find out what kind of company you are dealing with.

2 comments June 25th, 2007

MisShaping the merchant account industry…

I often receive questions as to why merchant service providers so often are just simply trying to rip businesses off. A recent question got me to thinking of what had caused the shift in what should be a great service, into something that rarely reflects a good or honest industry. This is a quick analysis of how some past decisions in the processing industry have influenced the way the industry is often viewed, and why there are so many companies doing bad business.

(Take this article with a grain of salt, as I am not touching on positive aspects of the industry, which there are many.)

A little history:

In the US, merchant accounts were traditionally controlled by banks. Elsewhere in the world, banks still have this same unchecked control over credit card processing. At some point, banks in the US began to give up their control over processing, and a group of businesses called ISOs (Independent Service Operators) were born. ISOs perform the same service that banks did, but created some much needed competition in the industry. Fees and prices went down almost overnight, and the acceptance of credit cards spread much more rapidly due to the lower cost to businesses. Since ISOs were specifically devoted to providing merchant services, their levels of knowledge and customer support became superior to banks. The few ISOs at the time got really big, and started allowing smaller ISOs and sales agents to operate under them. This branching created a massive service industry in a short amount of time, empowering thousands of companies and individuals to provide merchant accounts.

Processing equipment in the beginning:
In the beginning, equipment for processing was usually given to businesses to use for free from banks. The cost of accepting credit cards was high, and banks pretty much just gave equipment to businesses just for processing with them. With the increased competition from ISOs and the subsequent lowering of fees to accept credit cards, equipment turned from a merchant account feature to a commodity. Equipment became a way for banks and ISOs to make some upfront money on their merchant accounts. Since processing became cheaper, in theory this would not have been a problem.

Lease abuse creates the foundation for bad business:
Providers realized that one of the best ways to make money was to lease equipment to their customers. Leasing became the standard, and stayed that way for over ten years. A low cost lease (~$25 / month) fronted the provider much more money than would have been made by selling equipment or giving it away. But, higher cost leases of $79 or more were common, even for equipment costing under $200. On a 48 month lease a provider could easily make $2000 upfront for each lease they signed. For a medium size organization bringing in 500 accounts per month, this would easily equate to 1 million dollars in extra profit each month. This cash flow from leases allowed even smaller ISOs to get very large and have very high revenue and profit. ISOs that heavily abused leasing had extremely high cash-flow and made this industry look like a gold nugget for anyone looking to make a quick buck. A lot of ISOs sprung up only with the intention of capitalizing on the ability to make money from high cost leases. High cost leases also tarnished the integrity of the industry as this cash flow was entirely at the expense of businesses. I still come across businesses locked into $79 / month and higher leases, as some banks and ISOs still dupe unsuspecting business owners into these ridiculous contracts.

A shift:
Sometime between 1999 and 2002, after the .com crash, leasing began to rapidly lose its appeal. Several merchant service providers (Merchant Warehouse is the first I know of starting in ‘98) started selling credit card equipment online for very cheap, and leasing no longer seemed practical for many business owners. During this time several leasing companies also halted new leases, and lease providers’ practices came under scrutiny. Many ISOs lost their entire cash-flow overnight with the fall of prominent leasing companies.

Free terminal programs re-emerged in 2004 when United Bankcard and later Total Merchant Services revived the practice. Although United claims that they invented the free terminal program, they only re-invented it. It has however been an effective marketing tool for them. Now, most businesses either get a free terminal or they purchase one with very little markup when they first sign up for a merchant account. Both of these practices have their advantages and disadvantages.

How competition took a wrong turn:
At some point in the development of merchant services, the actual fees associated with processing became the primary competition focus. ISOs fought, basing their marketing and sales strategy solely off of their price. Since every ISO pays almost an identical cost, the industry shifted from a service driven industry to a price driven industry. ISOs began further and further discounting their services to make themselves appear the cheapest, and eventually hit their cost or below it. In response to no longer making money, many ISOs began getting creative with their fee structures. A business would sign up for a merchant account thinking they were getting a great price, and would get hit with a ton of other padding fees, or their provider would simply raise their rate. Things like monthly, convenience, yearly, and other fees became more common as ISOs had to make money somewhere. The industry ramped onto a self-destructive path, and still has not stepped off of it or even taken the steps to change its path.

Effects on the provider-customer relationship:
Processing companies have rarely been regarded as honest companies and taking this route did a few things. As more and more businesses started getting ripped off, the trust that these businesses had for service providers degraded more and more. Businesses locked into leases or contracts realized that they were being taken advantage of. Customer loyalty has become almost completely non-existent. ISOs started using termination fees more to keep customers with their business, and it doesn’t look like that is going to change any time soon. This has contributed to the further separation of businesses from ISOs. ISOs also make the mistake of isolating themselves from their customers, believing that they are better than the businesses that use their services. This can be partly attributed to the business practices passed down from banks into the processing industry, but mainly ISOs just believe that their knowledge empowers them (which it very often does).

What we get in the end:
After all the cards are played, we end up with a service based industry competing only on price to a bunch of businesses that don’t care who they use because they will immediately switch as soon as there is any problem, or the next lower offer comes around. There is no real trust between the business and the provider, and as a result, there is no loyalty between the provider and the business. Businesses expect ultra-low processing rates, and providers are trying to figure out how to be fair and not lose money.

The bad providers keep the entire industry in a stalemate, as they keep focus on the price of services, while continuing to rip their customers off with other fees, increasing rates, and absurd contract terms. This in turn pushes the cycle of mistrust, and entices the good providers to remain in a price competition with the bad ones.

On the bright side:
There are still good providers out there. These companies don’t exist just to rip businesses off, and they do provide a needed and honest service to their customers.

The best way to find a good provider is to initially take price out of the picture. Find a provider that your business colleagues recommend, that has a good rating with the BBB, that doesn’t use high pressure sales, that didn’t first solicit you, and that has fair fees on their application. Find 4 or 5 companies that match some or all of the above criteria, and get some info from them. You should find a provider that has fair fees, is completely upfront with you, and you feel comfortable with.

In the end, knowledge is the most powerful tool for any business looking for a merchant account. A basic knowledge of the industry will greatly benefit any business looking for merchant services, and the industry itself.

7 comments December 11th, 2006

Cutting the middle-man, who is it best to process with?

I was recently posed with the question of how a business can bypass all of the middle people in the payment processing industry, and go straight to the credit card companies. This post briefly covers that question and also covers who the best company to process with is.

Processing Flow Chart

First off, it is not within the scope of my knowledge to accurately discuss negotiating directly with Visa or MasterCard, if it is even possible. Any company that is large enough to go straight to them, would have to be processing in the hundreds of millions to billions of dollars per year. If your company is smaller than say Paypal, Visa and MasterCard wouldn’t even pick up the phone.

So, who is the best company to process with?

This depends on two factors: what you are looking for in a processing company, and how big your business is. If you want the absolutely lowest cost possible at the expense of any decent service quality, then going for a middle sized ISO that offers some absurdly low processing rate is probably the way to go (you can find these companies on eBay). On the other hand, if you have ever had problems that your ISO couldn’t fix in a reasonable manner, or you want quality service that you can stick with, a good MLS, or a good small to medium sized ISO is the way to go.

If you ever do have problems with your merchant account, and your ultra cheap provider is slow, or generally bad at getting the problem fixed, then I guarantee that you will wish you chose a better provider.

When would you go straight to a large ISO?

Only when your business is very large. In my view, very large is defined as above ten million dollars per month. Based on that you can probably negotiate a very low rate with the ISO, but also get decent support from them. Smaller businesses will normally receive poor, generic support when they process with very large companies.

Getting good support from a provider:

Quality of merchant account support

From my experience, as the size of a company goes up past a certain breaking point, the quality of support goes down. This isn’t always the case, but it makes sense. Large companies generally have poor support because the cost to maintain a good support department is very high, in addition to the technology to integrate all of their departments into a single, reliable system.

The best service:
The best support I have ever seen for merchant services is from small, independent sales reps that are large enough to have their own office, but small enough to know their customers by name. These outside agents usually handle customer service face-to-face, and will show up at their customers’ place of business when needed. Their customers pay a little more for their services, but if you ask any customer they have, you won’t hear even the slightest hint of negative feedback. But, not all businesses need their provider to show up at the slightest sign of trouble. For these businesses, processing with a small to medium ISO that has good telephone support and a personal account representative, will be more than sufficient. They will save some money each month, but not by sacrificing the quality of their support.

The worst service:
The worst service I have ever seen, is when small businesses believe that they will save money by processing with the largest company they can find. They later find that when they have a problem, they get to navigate through endless telephone menus only to be left on hold for an hour, and hopefully get the issue resolved because they talked to someone who barely spoke English. And, each time they call they speak to a new person.

The other major mistake people make is by looking for the absolutely lowest offer they can find. These companies offer super low rates, which often come with hidden charges, or a rate increase a few weeks after the merchant account is up and running. The bottom line is, when you shop for the cheapest company out there, you get exactly that. The cheapest company out there.

3 comments July 28th, 2006

Guide to Merchant Account Affiliate Programs - Part 2

There are probably thousands of merchant account affiliate programs on the internet. Because of the lack of a solid internet foundation that most merchant service providers have, most of these programs are completely worthless.

Affiliate Program Key Areas:
There are a few key areas that an affiliate should look for when finding a program to join. To get paid a commission whether pay per lead or pay per account, your referral is going to have to fill out an application on the provider’s website. The website and the way that the application form is set up are the biggest factors in turning your leads into commissions. A visitor needs to instantly be able to trust the provider’s website. The website should be clean, professional, and well established. An important fact about merchant services is that online applications are not the actual application for a merchant account. The longer the application, the less likely it will be for a visitor to fill out the application because they will have to fill out another application at some point. Make sure that the affiliate program’s website is above average in appearance and professionalism, and it has the shortest application form possible. If you have the time and/or knowledge, investigating things like rates, customer satisfaction, and business history will help you to find the best program, but these time intensive tasks are not mandatory to find a decent program.

Where to find a merchant account affiliate program:
There are several ways to find reputable merchant account affiliate programs. Affiliate networks have a few programs available, but most merchant service providers use in-house programs. By finding a good merchant account provider, you can then look to see if they have an affiliate program available. This way, you can ignore any potentially poor merchant account affiliate program right from the start. The most common affiliate networks are Commission Junction, ShareASale, and LinkShare. As far as merchant services go, Commission Junction, which is normally the leader in quality affiliate programs, only has one provider. ShareASale and LinkShare have a few, but the majority of programs are in-house operated.

Affiliate Networks vs. In-House Programs:
Affiliate networks are great because they are a third party that helps to maintain the integrity of an affiliate program and all parties involved in it. Affiliate networks ensure timely and proper payouts, and help protect all parties from fraud. In-house programs are run by the companies receiving the application. Make sure that if you do decide to go with a company’s in-house program, that the company has a very good reputation. There is very little recourse for affiliates that are scammed by in-house affiliate programs.

Getting Paid:
One very important part of the affiliate program is how to get paid. Make sure the affiliate program you are interested in offers acceptable payout methods and amounts. I have seen a few programs payout only when commission reaches $500. While every affiliate would love to be getting $500+ checks each month, the simple fact is that most affiliates aren’t going to reach $500 in a reasonable amount of time. Unless you know from experience that the minimum payout is an easy target, look for a more reasonable $100 or less minimum.

Programs that I have found with reputable companies:

Pay Per Lead:

The Merchant Store Inc. - This is my company’s affiliate program. We offer $20 per lead, and 3% for equipment sales that our affiliates generate. We have both a ShareASale program and an in-house program. By using 2 programs we can offer custom affiliate partnerships with select affiliates or affiliates with special needs. We have been in business for over 10 years.

Electronic Transfer Inc. - Offers $10 per lead and performance incentives for well performing affiliates. Electronic Transfer Inc. has been in operation since 1989.

Pay Per Account:

Merchant Accounts Express - Pays $80 / approved merchant account. Over 8 years of operation.

Paynet Systems - $50 - $100 per approved account.

Ecommerce Exchange - $50 / approved account. In operation since 1989.

3rd Party Processing Programs:

Paypal - You will receive an initial monthly bonus, equivalent to 0.5% of the new merchant’s net sales, as soon as that merchant reaches $200.00 in sales. Every 30 days for the next 12 months, you will receive a bonus of 0.5% of the new merchant’s monthly net sales. The maximum total bonus you can receive is $1,000.00.

2Checkout.com - All referrals earn $9, every third referral earns an additional $5.

Related Posts:
Guide to Merchant Account Affiliate Programs - Part 1

May 30th, 2006

Guide to Merchant Account Affiliate Programs - Part 1

This is a two part post on merchant account affiliate programs. The first part will cover the basic types and payout amounts of merchant account affiliate programs, and the second will cover where to sign up for merchant account affiliate programs, and will list a number of available programs.

An affiliate program is an online referral program that is designed for website owners to refer visitors to another website in exchange for a commission on any transaction those visitors make.

Merchant account affiliate programs have become increasingly popular with web design, hosting, consulting, and other businesses where customers may seek a recommendation on getting set up to accept credit cards. Merchant account affiliate programs have two basic payout structures: pay per lead, and pay per account.

Pay Per Lead
Pay per lead affiliate programs are where a flat fee or percentage is paid to the affiliate for each referral. A referral is normally considered a visitor applying for a merchant account. The affiliate is paid whether or not the applicant actually sets up a merchant account.

PPL Affiliate Chart

Positives:

  • Paid for each application.
  • Paid whether or not an account is ever set up.
  • Faster turn around time for being paid.

Negatives:

  • Lower commission per action.

Pay per Account
A pay per account affiliate program is almost unique to merchant service affiliate programs. An affiliate is paid for each approved merchant account that they refer. Unlike a pay per lead program, the affiliate has to wait for the referral to be approved and processing before they are ever granted a commission.

PPA Affiliate Chart

Positives:

  • Higher payout per referral.

Negatives:

  • A substantial percent of applicants won’t ever get fully set up.
  • Delay in getting commission until merchant account is set up.
  • No control of the process once referral is made.

As you can see the two programs are similar, but offer completely different benefits. It is my experience that for merchant account affiliate programs, pay per lead affiliate programs are better for both the affiliate and the business they are referring to.

The simple difference between the two program types:
The key difference between a pay per lead and pay per account program is that affiliates with the pay per account programs have to wait and trust that the lead they referred will be turned into an account.

With a pay per account program, the merchant account process can be confusing and frustrating for affiliates who are waiting for their commission. Apart from that, the best merchant account provider is not going to convert more than 70% of their leads into sales. That means that in the best case scenario, 3/10 referrals will never be paid. Realistically, most providers will never break a 50% conversion from a lead to an account.

Payout Amounts:
Pay per lead programs usually pay between $5 and $25 per lead. Pay per account programs normally pay between $50 and $200 per account. When you get into the higher paying programs, there are very often additional requirements for the commission to be paid. Sometimes the requirements are as detailed as a required monthly minimum processing volume, or the referred business having to process for 3 or more months. The bottom line is that the time, complicated process, and limited payout window that pay per account programs offer are not worth it.

Part 2

May 25th, 2006

Credit Card Processing Industry Search History and Competition Analysis

Rand of SEOmoz clued me in to a great tool from Google Labs. It’s called Google Trends, and it lets a user view a graph of the search volume for a given search term over time.

Naturally, I wanted to see how the top terms relating to credit card processing look. I would consider the top terms to be: Merchant Account, Accept Credit Cards, Credit Card Machines, and Credit Card Processing. For this article I searched for the first three.

What I found was an extremely troubling and unexpected graph.

Traffic Graph

Not only was this line sloping in the exact opposite direction that I was expecting, but the slope is much steeper than I ever could have expected. I added the red line to show a linear path of the slope of the line.

Since the beginning of the chart (2004), until now (2006), there has been a linear 50% reduction in search traffic for terms relating to credit card processing. The beginning of 2004 is coincidentally when we started actively competing for these related terms, and we also began advertising with Google and Overture pay per click programs. Since the time we started, the average cost per click across all terms in our industry has at least doubled. Pay per click advertising costs are also a decent indicator of the amount of competition for natural traffic.

What this means for websites relating to credit card processing is that potential customers are searching on the internet 50% less now than 2 years ago, and the competition has increased by 100%, or a factor of 2. Putting this all together, the merchant services field on the internet is now 400% more competitive than it was 2 years ago.

I’m not sure how accurate this graph from Google is, and it is in a testing area of their services. The data itself is against everything I have read and calculated about the trends of traffic on the internet. But it is a very interesting look into two ways that competition increases in business. I am interested to see if other industries experience the same trend.

May 11th, 2006

Finding a Bad Merchant Service Provider

Trust Me
There are so many merchant service providers in the US that searching for a good one can seem like an overwhelming task. Nearly every provider you encounter will be offering their version (or the same version) of what they can do for your business. In the world of merchant services, there are a few good companies and there are a lot of bad companies. A bad company is what I would define as a company that is looking to rip off unsuspecting businesses. New business owners are often so busy planning the other parts of their business that they become an easy target.

How do you find out if the company that you are going to trust your money to is a good company?

First and foremost:
If you are new to merchant accounts and you hear the word lease, my recommendation is to run far, far away. Just to further explain this, get the lease cost information that you are being offered and the terminal they want to lease you. Then, enter it into our processing equipment lease cost calculator. You will see why I tell you to run.

Secondly, check for some simple information on the business. Look at the website and make sure you can find a physical address, and phone number. Next check the address in the Yellow Pages and make sure that the business does indeed exist where they say they do. Also, check to make sure that this isn’t a residential address. You would be amazed by how many claimed merchant service providers are actually people operating out of their basement.

Next, look at the legal disclaimer on the bottom of the website. Using my business as an example, it should say something like:
The Merchant Equipment Store is a registered service provider for the following FDIC-Insured Bank: HSBC Bank, USA, National Association, Buffalo, NY.

The penalties for incorrectly or illegally displaying this disclaimer are strict enough that they can destroy a small company in fines and legal fees. If the legal disclaimer says something like FDMS is registered to, or JP Morgan Chase is registered to, etc., the site is not legally registered with Visa and MasterCard. FDMS and JP Morgan Chase do not allow websites to use their disclaimer, nor does any other registered company.

If it lacks this information completely, or if the statement is for a different organization than the website name, the business is not operating legally, plain and simple. Find a new company.

Next you need to check the business’s profile with the BBB (Better Business Bureau). The great thing about the BBB is that they keep a profile for businesses that aren’t registered with them. This means that if the company has complaints against them, the BBB will let you know.

BBB - http://www.bbb.org/

When looking at the BBB profile, there are a few things to remember. While it’s great if a company has no negative reports against them, the important thing to know is how the company handles complaints. Occasionally a customer cannot be made happy no matter what is done, so as long as the company resolves their complaints as best as humanly possible, and there aren’t a ridiculous number of them, they are probably not a bad company. On the other hand, if they have open complaints, or a huge quantity of complaints, they are a company you should probably stay away from.

Now that the company you are thinking about signing up with has checked out on being a legitimate, honest business, you need to get into the processing related questions. Look at these posts for specifics on fees and other factors to help you avoid getting ripped off.
What Does All This Mean? - Merchant Account Fees
Avoiding a Bad Merchant Service Provider

The key thing to remember is that when you see things like free terminals, or greatly reduced fees over other companies, there is probably a reason for it. In a cost driven industry like credit card processing it is nearly impossible to get a much better deal with any particular company. Look for the best value when you shop for merchant services. The company that can provide you with reasonably priced equipment and fees, while giving you the support you need, is a good find. Hopefully you never have problems with your credit card processing, but if you do, you will be glad to be with a company that fixes the problem quickly.

This is your money, don’t trust it to just anyone.

May 1st, 2006

A Guide to Small Business Security, Free PDF Download…

The BBB has co-authored a guide to help small businesses be secure and to help protect user privacy. This is an excellent guide for any small business. It was sponsored by Visa, IBM, Equifax, Verizon, The Wall Street Journal, eBay, and PayPal. We support and recommend these practices in every way.

Small Business Security

Please click on the link to view the PDF, or download the ZIP version to your computer.
Guide to Small Business Security PDF
Guide to Small Business Security ZIP Download

April 4th, 2006

CISP, SDP, PCI Compliance required for every business…

SDP / CISP / PCI is a standard that many businesses must adhere to in order to help protect consumer data. CISP (Cardholder Information Security Program) is a Visa security standard that is designed to help protect all levels of business from fraud and loss of data. MasterCard has a similar program called SDP (Site Data Protection). CISP / PCI is a standard that is designed to help secure and protect sensitive data specifically relating to the payment card industry. CISP compliance extends beyond online businesses and applies to Retail (brick-and-mortar) and MOTO (keyed entry) businesses in addition to ecommerce. CISP compliance is outlined here rather than the SDP program because it is more restrictive and better organized.

PCI / CISP is designed to be implemented by any business that accepts or facilitates credit card transactions or handles sensitive credit card and user information. Businesses that do not store or handle credit card information are not subject to CISP regulations.

Visa: Note that these Payment Card Industry (PCI) Data Security Requirements apply to all Members, merchants, and service providers that store, process or transmit card-holder data. Additionally, these security requirements apply to all “system components” which is defined as any network component, server, or application included in, or connected to, the card-holder data environment. Network components, include, but are not limited to, firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Servers include, but are not limited to, web, database, authentication, DNS, mail, proxy, and NTP. Applications include all purchased and custom applications, including internal and external (web) applications.

PCI / CISP Basic Requirements:

  1. Install and maintain a firewall configuration to protect data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored data.
  4. Encrypt transmission of card-holder data and sensitive information across public networks.
  5. Use and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to card-holder data.
  10. Track and monitor all access to network resources and card-holder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.

If you read the full CISP manual, you will find that each requirement is broken into several sub-requirements. CISP attempts to leave no stone unturned and no margin for error.

How To Implement PCI / CISP:
Most of the CISP requirements are simple common sense. CISP is heavily geared toward websites and other easily accessible systems where there is a huge potential for a loss of sensitive data. Many of the technical issues are very complex and the requirements are very strict. I have helped to secure several web servers for CISP compliance, and to say that the requirements are strict is a gross understatement. Not only are there basic firewall and network infrastructure requirements, but there are hundreds of update, software version, and patch requirements that must be met for a web server to be CISP compliant. A single missing software version update or patch, or a single compromised web port, will cause a server to fail CISP compliance.

To start on the road to compliance, look at the Visa PCI / CISP PDF linked at the bottom of this document. It lists all of the requirements for CISP compliance. After you meet all of the requirements, you will need to work with a company that certifies businesses for CISP compliance. They will normally perform a series of checks on your server and give you the results of their inspection. The checks that they perform are essentially an attack on your web server, and they will try to exploit any known vulnerability. They also check the software and current versions of several applications on the server, making sure they are all up to the current version. You can also start by doing a scan and fixing whatever areas are not up to standard.

A Warning: Make sure your web host knows that you are going to be doing these tests, or they may mistake them for a true attack.

CISP non-compliance and loss of data penalties:
The fines for not complying with CISP are low, up until there is an actual loss of data. Visa and MasterCard can shut down or fine non-complying merchants, but due to the current lack of organization and the impossibility of monitoring every business and organization, larger companies are the only ones who are currently monitored. It is the responsibility of a business to ensure that they take the steps to become CISP compliant. If a business is not CISP compliant and a loss of data occurs, there is a $500,000 fine from Visa alone for losing data and an additional $100,000 fine just for not being CISP compliant. That is $600,000 for not becoming CISP compliant and losing data because of it, and this applies to any business that accepts credit or debit cards. A single credit card number that is lost and is traced back to a business is considered a loss of data.

Apart from the monetary penalties, it never looks good when a business loses data. News agencies jump on these stories, and instantly make a business look like a criminal organization. I’m sick of reading about them, and I’m sure you are as well, so protect your data.

Overview:
I personally don’t recommend storing credit card numbers at all in an online database. Not only is CISP compliance very difficult to achieve, but it just isn’t a safe practice. If card information is stored online, it must also be encrypted so that if there is some sort of data loss, the data will be useless. Even with CISP compliance it is still possible for someone to gain access to a server. No matter how secure something is, there is almost always a way for the system to become compromised. Also, for retail businesses, employees are one of the largest causes of loss of data. Card information should only be accessible by select people who need access to it.

PCI / CISP Resources:
Visa CISP / PCI Compliance PDF
ScanAlert - PCI CISP Certification

Related Articles:
Credit Card Truncation

April 3rd, 2006
