Glossary of Common U. S. Electronic Payments and Merchant Services Terms

A

  • ACH transaction: Either a direct deposit or direct payment transaction processed via the Automated Clearing House (ACH).  A direct deposit is the deposit of funds for payroll, employee expense reimbursement, government benefits, tax and other refunds, and annuities and interest payments. It includes any ACH credit payment from a business or government to a consumer. A direct payment is either an ACH debit or credit used to make a payment. An ACH debit takes funds from an account; examples include a recurring monthly mortgage payment or utility bill, where the account of the party making the payment is automatically debited by the mortgage company or utility. An ACH credit, on the other hand, is initiated by the party making the payment. An example is where a consumer initiates a payment of a bill through the consumer’s bank or credit union. (See automated clearing house.)
  • Acquirer: See acquiring bank.
  • Acquiring bank (aka Acquirer): Provides an interface between merchants and the financial institutions (Issuers) that issue credit cards to consumers, who then use them to purchase goods and services from merchants.  Acquiring banks 1) originate and maintain merchant accounts for businesses for electronic payments accounting and reporting; 2) process payment transactions for the merchants; and 3) settle them with the Issuers. During settlement, the Issuers pay the funds due the merchants for credit card transactions accepted by the merchants from the Issuers’ customers. The Issuers send the funds to the Acquirer, which places them into the appropriate merchant accounts and then transfers them directly into the merchants’ own bank accounts.
  • Address verification service (AVS): Part of the authorization process for eCommerce and other transactions where the cardholder is not face-to-face with the merchant. The street address and zip code entered into an electronic device at the time of sale are verified using data stored in the cardholder’s account with the financial institution that issued the card to the cardholder. Mismatches may indicate that the person initiating the transaction is not the cardholder and that the transaction may be fraudulent. These transactions may be accepted or rejected based on parameters pre-established by the merchant.     
  • American Bankers Association number (aka ABA number or routing identifier): A nine-digit number appearing at the bottom of a check in addition to the bank account number, which identifies the financial institution holding the bank account.
  • ATM: Automated Teller Machine. Devices that displays account balances and dispense cash to cardholders. ATMs held by financial institutions also accept bank account deposits and transfer funds between bank accounts.
  • ATM debit card: A multi-purpose card used in conjunction with automated teller machines (ATMs) to access a cardholder’s bank accounts to obtain cash, deposit funds, check account balances, and transfer funds among accounts. ATM debit cards can substitute for credit cards in some POS, on-line, and mobile environments, in which case a PIN may not be required.
  • Authorization: Verification during an electronic payment transaction that a valid credit card account or bank account exists and that there are sufficient funds available to cover a purchase amount.
  • Authorization code: A response code created when a payment transaction is authorized for processing; it is displayed on transaction receipts. For pre-authorized card payment transactions, the authorization code is required to complete the transaction.
  • Authorization fee: The fee amount charged to the merchant when a card payment transaction is authorized.
  • Authorization, Only” transaction: Used to verify the authenticity of a credit card account, and that sufficient funds are available to make a future payment using that account.  Funds from the account are set aside in the amount of the future purchase and are unavailable for use by the cardholder for a different purpose. The credit card is charged, and held funds released, when the card payment transaction is completed.  For example, this transaction can be used by a home furnishings retailer when a customer orders custom furniture that will be delivered six weeks in the future, which guarantees that the customer will make the payment once the delivery occurs. 
  • Authorization response: Issued during the authorization phase of a card payment transaction, it indicates if the transaction is approved for processing, declined, or deferred with a request for the merchant to call a toll-free number to provide additional information about the consumer. 
  • Automated Clearing House (ACH): An electronic network established to exchange electronic payment transactions between participating financial institutions. It supports both direct debit and credit transfer transactions. Its low fees encourage transfer of low-value payments in large quantities. The ACH network is now one of the largest, safest and most reliable payment systems in the world, creating value and enabling innovation for all participants. 
  • Average transaction amount (aka average ticket amount): Calculated as credit card volume divided by the number of transactions, as reported on a periodic merchant account statement. Typically used as a risk measure when underwriting a new merchant account. 

B

  • Bank account number: The primary identifier for ownership of a bank account.  It is displayed on bank statements and notices, and on the bottom of checks along with a routing identifier to indicate the specific financial institution and account.   
  • Basis point: Typically used in finance to describe rates, one basis point equals 1/100 of one percent. Merchant account rates, for example, might be described as Interchange plus 55 basis points, meaning that the merchant will be charged the Interchange rate, authorization fee, dues, and assessments charged by Visa, MasterCard, et al, plus .55% for processor operating costs.    
  • Batch: A collection of individual card payment transactions in one data file; for example, a merchant’s transactions accumulated during a single day by an Internet payments gateway, point-of-sale system, or credit card terminal.  
  • Batch processing: Closing or settling a complete batch of transactions together.
  • Breach security coverage: Insurance coverage in the event of a data breach.
  • Business type: A merchant account business classification. Business type categories are: retail, restaurant, hotel, mail order / telephone order (MOTO), and Internet. The mail order / telephone order category includes all those orders submitted remotely that require key entry into an actual or virtual credit card terminal, including orders received via e-mail and fax. The Internet category refers to eCommerce, including payments via web-sites, and via mobile devices like cell phones and tablets.  
  • Business-to-business (B2B): The sale of products and services by a business to other businesses, rather than to consumers.

C

  • Card brand (aka payment brand): The name, term, design, symbol, or any other feature used in business, marketing, and advertising, that distinguishes card associations like Visa, MasterCard, American Express, Discover, UnionPay, and JCB from one another. 
  • Card networks (see also card associations): Electronic networks maintained by the card associations that inter-relate member card issuers and merchant acquirers for payment card transaction authorization, clearing, and settlement.  The four major networks are maintained by Visa, MasterCard, American Express, and Discover.
  • Card transaction settlement: A process by which financial institutions (Issuers) that have issued credit cards to consumers reimburse merchants for the value of transactions involving the use of those cards to purchase goods and services.   
  • Card-not-present (CNP) transaction: Payment card transaction in which the cardholder is not physically present with the merchant. On-line, mobile, mail (and e-mail), and telephone orders are examples of card-not-present transactions.
  • Card-present (CP) transaction: Payment card transaction in which the cardholder has possession of the card and presents it, face-to-face, to the merchant. This transaction type has lower risk than a card-not-present transaction, because further identification can be requested by the merchant, if necessary. 
  • Card reader: Device used to read credit card information from a payment card, including EMV files, while processing a credit card transaction. 
  • Cash-flow: The net amount of cash and cash-equivalents being transferred into and out of a business. Accepting electronic payments in the retail environment increases cash-flow, by increasing the number of acceptable transactions and processing them faster. For instance, denying customers who wish to pay by check reduces potential cash flow by reducing the number of transactions.  In the business-to-business (B2B) environment, cash-flow can accelerate by reducing the time between invoicing a client and receiving payment.  
  • Charge card: Payment card for which transactions are billed to the cardholder’s account; requiring the account balance to be repaid in full each month.
  • Chargeback: Procedure for disputing a credit card transaction. It includes the following elements: 1) a customer contacts the financial institution that issued the customer’s credit card, known as the card Issuer, and disputes a credit card transaction on the basis of either fraudulent use of the card by another, non-receipt of merchandise, improper shipment, defective merchandise, etc.; 2) the card Issuer questions the customer, prepares a document indicating why the customer believes that a refund in the amount of the original payment transaction is due the cardholder, and demands the refund from the merchant, via the Acquirer; 3) the disputed funds are withdrawn by the credit card processor from the merchant’s merchant account or bank account until the dispute is resolved; 4) the merchant responds to a request from the Acquirer for information, typically providing a sales receipt, proof of delivery of merchandise, a purchase order, an invoice, and other relevant documentation as may be available about the original transaction; 5) all documentation is reviewed by the relevant card brand or its designated representative and the chargeback claim is approved or denied. Either party may appeal the decision.  A customer typically has about six months from the date a customer and merchant last communicated about a transaction, in which to file a chargeback complaint.
  • Chargeback dispute resolution manager: An automated system which reduces time to process card payment chargeback claims by allowing the merchant to download chargeback notices and upload appropriate transaction documentation on-line. The system is used in conjunction with e-mail notification that a chargeback has been initiated by a customer in relation to a disputed credit card payment. (See Chargeback.)
  • Chip and PIN technology: POS credit card acceptance requiring 1) cards containing EMV chips and 2) PIN data entry by the consumer. (See EMV card and personal identification number.)    
  • Clearing: Determining accountability for the exchange of funds and financial assets among the parties to a financial transaction. Specifically, collected credit card transaction data is typically provided each business day by merchants to their credit card processing companies for processing. The credit card processors forward the transaction data via the card association networks to the financial institutions (Issuers) that originally issued the credit cards involved to the merchant’s customers. Clearing concerns verifying the accuracy of the transaction data before settlement occurs. (See card transaction settlement.)
  • Co-branded credit card: Credit card sponsored by two parties. Typically one is a retailer, such as a department store, gasoline retailer, or airline, and the other is a financial institution or card network such as Visa, MasterCard, Discover or American Express.
  • Consumer: A person or business that purchases goods and services for use.
  • Credit card: A payment card issued by a financial institution (Issuer) to its customers, which allows the customers in turn to purchase products and services on credit. Credit card transactions are billed to the cardholder in monthly installments, and the billed amount is dependent upon the current account balance; as distinct from charge cards which require payment of the balance in full each month.  
  • Credit card association: A card brand that sets common transaction terms, and regulates card issuance and acceptance for merchants, issuers, and acquirers. Major associations include Visa, MasterCard, American Express, and Discover.
  • Credit card fraud: Unauthorized, illegal use of a credit card to either obtain goods and services without actually paying for them, or to obtain funds from a credit card account by way of a cash advance. Frequently, credit card fraud is part of a broader theft of someone’s identity, which is then used to obtain new credit cards, new loans, and new lines of credit. Factors relating to credit card fraud include stolen cards, ID theft, dishonest employees who copy credit card information, telemarketing scams, skimming, and phishing. Many credit card companies will not hold the defrauded party liable for fraudulent charges, or will charge a relatively small fee.   
  • Credit card network: The purpose of a credit card network is to control where credit cards can be accepted and to facilitate card payment transactions between merchants and consumers. It sets the interchange fees charged to merchants that accept credit card transactions, yet does not control fees a cardholder pays for using credit cards; such as interest rates, annual fees, late fees, foreign transaction fees, and over-limit fees. The four main credit card networks are operated by Visa, MasterCard, American Express and Discover.
  • Credit card processor: The financial institution that facilitates verification, authorization, clearing, and settlement of credit card transactions for its merchants.  
  • Credit card volume (aka purchase volume): Total dollar amount of card payments; typically calculated monthly or weekly, depending on the total amount for a given period of time. It is displayed within the merchant’s credit card processing statement.
  • Credit transfer: ACH non-immediate transfer of funds between accounts located within the same or different financial institutions, for payments by retail customers and for non-urgent business-to-business payments.
  • Cryptocurrency wallet: A device, physical medium, program, or service which stores public and private electronic keys allowing access to the wallet. It is used to track cryptocurrency ownership and to receive and spend cryptocurrencies stored in a blockchain, which is a publicly available distributed ledger.  
  • Customer: An individual or firm purchasing goods and services from a merchant.

D

  • Data capture: Use of an electronic device to acquire the data necessary to process a card payment transaction, and the data’s subsequent transmission for transaction processing and settlement.  
  • Data encryption: Translation of digital data into electronic code to ensure secured data transmission and storage.
  • Data security: Protection of digital data from physical corruption of devices and data files, and from unauthorized data access.
  • Debit card: A payment card issued by a financial institution to its customer, allowing the customer to purchase products and services using the customer’s bank account.
  • Digital wallet (aka eWallet): Electronic storage of digital card data used to purchase goods and services. For instance, when eWallets are stored within smartphones, the devices can be used in conjunction with NFC-capable POS devices to make payments.  Personal credentials and other information can also be stored in eWallets, and current uses include determining whether someone is of legal age to purchase alcohol and tobacco. 
  • Direct debit: See ACH transactions.
  • Direct deposit: See ACH transactions.
  • Discount rate: Charged to a merchant for debit and credit card payment processing services rendered. It is a set percentage of the dollar amount of each transaction, covering a processor’s operating expenses and including Interchange fees and dues and assessments charged by the card brands. The merchant agrees to the rate prior to accepting credit card and debit card payments from customers.
  • Dues and assessments: Fees paid directly to the Card Associations by merchants, for their use of the card brands to attract customers, and the right to process credit and debit card transactions using Visa, MasterCard, American Express, and Discover payment networks.

E

  • EBT card: See electronic benefits transfer.
  • eCheck: See electronic check.
  • eCommerce: Commercial transactions conducted electronically, using the Internet; which is primarily accessed via smartphones, laptops, and PCs vis-à-vis these transactions.
  • eCommerce payment: An on-line payment widely used for Internet-based shopping and banking.
  • eCommerce shopping cart: An automated service allowing merchants to sell products and services on-line. The merchant can build an on-line store; including product catalog with descriptions, images, and pricing. Shopping carts integrate with Internet payment gateways to provide to customers the convenience of immediately paying on-line for selected catalog items, and applicable taxes and shipment charges. 
  • Electronic benefits transfer (EBT): An electronic system used by state governments to provide financial and material benefits to welfare recipients via pre-funded debit card; including unemployment and food benefits. EBT cards are accepted by merchants and processed via point-of-sale systems and credit card terminals.
  • Electronic check (aka eCheck): An electronic payment method which replaces a conventional paper check and offers simplified transaction processing. A consumer can purchase a product on-line and provide the associated bank routing identification number and specific bank account number to be debited as payment.     
  • Electronic funds transfer (EFT): An electronic transfer of funds from one bank account to another, either within a single financial institution or between one and another.
  • Electronic payment (aka ePayment): Payment for purchased goods and services made by credit card, debit card, or bank transfer involving electronic transmission of payments data; it also can refer to peer-to-peer payments. Examples include purchases using the Internet, POS systems, credit card terminals, computers, electronic tablets, and smartphones. Additional electronic payment tools include electronic wallets and cryptocurrency wallets.
  • Electronic payments gateway: Commonly a third-party interface handling transmission of transaction data between a merchant and its processor. Gateways commonly provide additional features, too, such as a search feature, transaction reporting, customer relationship management (CRM), and data security protection. Gateways integrate with eCommerce web-site shopping carts, mobile devices such as smartphones and electronic tablets, and various retail point-of-sale systems.
  • Electronic wallet (aka eWallet): Securely encrypted and convenient digital storage of payment card information within, for example, a smart phone. It replaces actual credit cards and debit cards and is used to perform electronic payment transactions in conjunction with devices that accept contactless payments using NFC technology.
  • EMV: An acronym for an organization comprised of EuroPay, MasterCard, and Visa, which developed a global standard for smart payment cards.   
  • EMV card: A smart payment card containing a computer chip and technology used to authenticate chip-card transactions. It is designed to protect consumers by reducing fraudulent use of credit and debit cards.
  • eWallet: See digital wallet.

F

  • Fraud prevention service: Reduces fraudulent transactions and associated charge-back claims using big data, artificial intelligence, machine learning, predictive analytics, and innovative prevention systems to determine the probability that each presented transaction may be fraudulent.  As a result, more transactions are automatically approved in real time and more of the likely fraudulent transactions are declined or diverted for manual review.

I

  • Interchange: The process in which an Acquirer or Acquiring bank submits approved card payment transactions data to Issuers and Issuing banks for payment, on behalf of its merchants.
  • Interchange fee: A fee set by the payment card brands and paid to associated card-issuing financial institutions (Issuers) to cover costs of offering lines of credit and fraud mitigation to consumers.
  • Internet payments gateway: An automated system which can connect an eCommerce application with a credit card processor and typically offers a virtual terminal for back-office transaction processing, as well. It authorizes payment transactions, transmits transaction data to the processor for clearing and settlement, and provides sophisticated transaction reporting to merchants.  Some gateways also offer ACH transaction processing, customer relationship management, fraud detection, electronic invoicing, and related services. 
  • Invoice: A commercial document issued by a seller to a buyer, which itemizes products, quantities, and agreed prices for products or services sold.
  • Invoice payment: Full or partial payment on account for products and services a seller has provided to a buyer.
  • Issuer (aka Issuing bank): A bank or financial institution that is a licensed member of a brand’s credit card network. It provides credit card holders with credit to purchase goods and services from merchants, and to obtain cash advances. Its functions include: 1) approving or denying credit card applications, 2) setting credit card account terms, 3) paying merchants for approved transactions via the merchant’s acquiring financial institution, 4) collecting credit card account payments from cardholders, and 5) providing customer service.

L

  • Level I card data: Captured vis-à-vis consumer credit card processing.
  • Level II enhanced data: Captured vis-à-vis B2B credit card transactions involving small-sized and medium-sized enterprises (SMEs). Sellers benefit from a reduced interchange fee, and therefore increased profits. 
  • Level III enhanced data: Captured vis-à-vis large corporate and government purchases. It includes Level II enhanced data capture, plus additional data capture of line item details such as product codes, descriptions, quantities, and unit costs. Merchants capturing line item data receive a significant Interchange rate discount, and transaction reporting is available to the company purchasing goods and services, for expense control.

M

  • Major card brands:  Visa, MasterCard, American Express, Discover, UnionPay, and JCB.
  • Merchant: A business that sells products and services to consumers.
  • Merchant account: A commercial bank account established by an Acquirer for a merchant, specifically used to process credit card and debit card payments. It also connotes the business arrangement between a merchant and a credit card processor that allows the merchant to accept payment cards from its customers.
  • Merchant account underwriting: Assumption of ultimate risk and acceptance of liability by an Acquirer on behalf of its merchants. The Acquirer guarantees payments for those specific claims against merchants that merchants fail to satisfy.
  • Merchant services provider: Provider of payment card processing and related services.  It is an intermediary between merchants, issuing banks, and credit card networks. (See merchant services.)
  • Merchant processing agreement (MPA): The contract between your merchant account provider and you that outlines the responsibilities and warranties of all parties involved in credit card processing.
  • Mobile credit card processing: Processing payment card transactions that were created using a mobile device; such as a wireless terminal, smartphone, or electronic tablet.
  • Monthly minimum fee: The amount that a processor charges the merchant if its discount rate, transaction fees, and other account fees total less than a pre-established amount defined in a merchant processing agreement (MPA).  For instance, if the monthly minimum fee amount is $25.00 per month and the accrued fees for a monthly period total $17.00, the account will be charged $25.00.
  • Mobile payments acceptance: A mobile app is downloaded to an electronic smartphone or electronic tablet, or a wireless credit card terminal is used.  The devices can accept electronic payments when the merchant is on the road, and when the merchant is trying to better handle a long customer line at a cashier’s counter during rush hour in a cafeteria or convenience store, by accepting payments in the middle of the line.
  • Monthly processing limit: The total dollar amount of monthly charge transactions a merchant service provider will allow a merchant to process before incurring additional fees, as defined in the merchant’s merchant processing agreement.
  • Monthly processing volume: The total dollar amount of periodic transactions processed during a period of one month, as reported on a monthly processing statement. In relation to a merchant processing application form, this is the merchant’s estimated total dollar amount of monthly electronic payments, including credit card and debit card transactions. It is used in conjunction with an estimated average ticket size to help the merchant services provider determine a merchant’s level of risk during the underwriting process.
  • MOTO: Acronym originally indicating a mail order or telephone order transaction. It now includes other card-not-present transaction types, such as orders received via e-mail and text messaging.

N

  • Near-field communication (NFC): A set of communication protocols enabling two electronic devices to establish communication by bringing them within 4 cm of each other. For example, devices with NFC capability accept smartphone payments.

O

  • On-line payment: See eCommerce payment.
  • Over-limit fee: A fee charged by a merchant services provider to a merchant when a monthly credit card volume limit has been exceeded.

P

  • Payment card: Denoting a credit, debit, prepaid, EBT, or ATM card.
  • Payment card industry data security standards (PCI-DSS): A set of requirements established by the credit card networks to protect confidential cardholder data and reduce the risk of data theft and the associated fraudulent use of cardholder identities. The standards apply to all merchants, merchant account providers, issuing banks, and credit card networks.
  • PCI compliance: Merchant compliance with payment card industry data security standards (aka PCI/DSS). Requirements may include an annual self-assessment questionnaire (SAQ), a quarterly network scan for firms that electronically store cardholder information or maintain application systems connected to the Internet, and on-site compliance investigations for larger firms.
  • PCI compliance validation certificate: Obtained by fulfilling applicable payment card industry data security standards requirements. See PCI compliance.
  • Payment method: An acceptable way that a buyer compensates a seller of goods and services. Typical payment methods used in business transactions include cash, checks, credit cards, debit cards, money orders, ACH direct payments, and wire transfers.  Cryptocurrency transfers are accepted by some major retailers and are also used for processing cross-border payments, to improve relative transaction processing speed and to reduce transaction costs.  
  • PCI non-validation fee: A monthly fee charged to merchants that have failed 1) to comply with payment card industry data security standards in a timely manner, or 2) to provide a PCI compliance validation certificate.    
  • Peer-to-peer (P2P) payment: Transaction generally involving a payment between one individual and another, including paying rent, sending money to friends and relatives, and splitting a restaurant tab; the latter can involve more than two people. An individual sets up a peer-to-peer account and links either a bank account or credit card. Transactions can be initiated via computer or mobile device. 
  • Personal identification number (PIN): A unique number selected by the consumer to be entered into a PIN pad vis-à-vis electronic payment transactions occurring at the point-of–sale. Its purpose is to reduce unauthorized use of payment cards. In the United States it is used predominantly for debit cards. In areas outside the United States such as Europe, chip (EMV) and PIN technology is used for most POS credit card payments, as well. Passwords are gradually being replaced in the United States; taking advantage of more secure, evolving technologies.        
  • PIN pad: Keypad used by a PIN debit card holder to enter a PIN at the Point-of-Sale.
  • Point-of-sale (POS): The point-of-sale, also known as the point-of-purchase, is where a retail face-to-face transaction is completed. In a retail store, it is the location of a point-of-sale system, or perhaps a credit card terminal, mobile terminal, wireless terminal, or virtual terminal.  At the point of sale, the merchant calculates the amount owed by the customer, accepts offered payments, and provides a sales receipt. For some transactions, an invoice may be prepared for payment at the present moment or for a future payment.     
  • Point-of-sale system: An electronic cash register system that can process payments, track inventory, market to customers, schedule employees, facilitate payroll accounting, and much more.  Benefits to the merchant include offering customer convenience, simplifying processes, and reducing transaction time and paper flow.   
  • Point-of-sale terminal: An electronic device used to capture, transmit and receive electronic payment information. A name used to describe 1) the cash register hardware of a point-of-sale system, and 2) the typical credit card terminal.
  • POS: Acronym for point-of-sale.
  • POS system: See point-of-sale system.
  • POS terminal: See point-of-sale terminal.
  • Prepaid card: A debit card pre-funded by or for a cardholder. It can serve as a budgeting tool or as a replacement for a bank account.  A prepaid card can offer convenience with few fees and is easy to obtain. It is also used to store payments; for example, replacing payroll and benefit transfer checks. Prepaid gift cards are prevalent in abundance wherever people shop.        

R        `

  • Real-time processing: Processing that occurs when a transaction is initiated; for instance, approving or declining a payment card transaction in seconds while the customer waits.
  • Recurring payments: Payments for products and services that are charged to a customer’s card account on a regularly scheduled basis; such as weekly, monthly, or annually. Web-hosting, club memberships, managed services, and other subscription services are examples of services billed on a recurring basis.
  • Retail payment: Payment transaction between merchants and consumers, or between small-to-medium sized businesses.  Retail business-to-business transactions are usually at a higher volume and lower average ticket amount than those categorized as wholesale payments.
  • Retrieval: The first step in the chargeback process. When a credit card transaction is disputed, the issuing bank requests a copy of the associated sales receipt and other transaction documentation from the merchant.

S

  • Shopping cart: See eCommerce shopping cart.
  • Smart card: See EMV.

T

  • Transaction volume: Total dollar amount of a group of transactions. 
  • Transit routing identifier: See American Bankers Association (ABA) number.
  • Transport layer security (TLS): A cryptographic protocol that provides end-to-end communications security over networks and is widely used for Internet communications and on-line transactions. It is an IETF standard intended to prevent eavesdropping, tampering and message forgery.
  • Terminated merchant file (TMF): Also known as a match file, this database is maintained by third-party processors, banks and other financial institutions and lists the names of merchants for which privileges to process credit cards and other electronic transactions have been terminated by an Acquirer for significant violation of a merchant processing agreement.
  • Tokenization: Substitution of sensitive cardholder data elements located within data processing and application systems, using non-sensitive equivalents referred to as tokens. The sensitive data is securely stored, externally. For example, a card number and card expiration date would be replaced by tokens and the sensitive data might be stored off-site in a secure location.. Tokens reference and identify the externally stored sensitive data using a tokenization system, and it is infeasible to create or reverse the tokens except with its use. 

U                     

  • Underwriting: See merchant account underwriting.

V

  • Virtual card: A virtual card allows you to minimize the amount of personally identifiable information during an electronic payment transaction.  It is a randomly-generated card number associated with your actual credit card for one-time use. Depending on the issuer, you may be able to set a maximum charge amount for the virtual number, further protecting your transaction. Typically, you can set it to expire any time up to a year from its creation date.
  • Virtual credit card: See virtual card.
  • Virtual terminal: An on-line version of a credit card terminal which operates in conjunction with an Internet payments gateway; it can be accessed using any Internet web browser. It is used to enter and process electronic payment transactions and to access gateway search, reporting, and settlement initiation capabilities.
  • Volume: See credit card volume.

W

  • Wholesale payments: Payment transactions between large corporate firms; usually having a higher average ticket amount and lower total number of transactions than that found with SME business-to-business transactions. Wholesale business-to-business firms process back-office invoice payments using virtual or physical payment card terminals, and may have warehouse outlets utilizing retail POS systems to accept card payments.  Some might have their own delivery vehicles and accept COD payments using mobile card acceptance devices. These firms traditionally favor ACH bank transfer payments to card payments, yet are moving toward accepting more virtual cards that help their customers control expenses.  They are also moving toward accepting traditional card payments that help themselves to improve cash flow by reducing the time involved in receiving invoice payments, and by reducing transaction costs.     
  • Wire transfer (aka a bank wire): An electronic transfer of money, which typically processes from one financial institution to another using either the SWIFT or Fedwire network. It is favored when the recipient wants assurance that the funds will be immediately available; such as when a home purchase is made and a buyer is transferring funds into escrow for a down payment on a mortgage.
Posted in Fraud prevention, Glossary | Leave a comment

PAYMENT OPTIONS REFERRAL PARTNERS PROGRAM

 

The Payment Options Referral Partners Program offers a simple and easy way for you to add value to your existing services, to leverage your existing client base and professional networks, and to create a significant, new income stream.

 

Plan Benefits    

 

  • Provide a full-service merchant payments processing program to your clients, customers, and associates, without having to manage it
  • Increase customer loyalty with extended, value-added services
  • Offer professional customer service for merchant services established under the referral program
  • You receive significant, ongoing fee-based revenue

 

How it Works

 

  • Sign a Payment Options Finder’s Agreement
  • Send us your referral contact information
  • We take care of everything from beginning to end, with ongoing customer care
  • You get paid a monthly override for the life of the account

 

We welcome the opportunity to discuss this referral program with you. Simply use the convenient contact form or call us directly for more information:

 

Contact us: http://www.paymentoptionseps.com/contact-us.php

Telephone:    562 480-1611

E-mail:           info@paymentoptionseps.com

 

Posted in eCommerce, Electronic payments, Merchant services, Mobile payments, On-line payments, Referral Partners | Comments Off on PAYMENT OPTIONS REFERRAL PARTNERS PROGRAM

MERCHANT ACCOUNT UNDERWRITING 101

In order for businesses to accept credit card, debit card, and related forms of payments, a merchant account is required.  Some merchants attempt to arrange merchant accounts for their organizations with little knowledge of the process and issues addressed in obtaining them.  This can be very frustrating for merchants because of terminology used within the payments industry and because of the thorough underwriting process initiated to determine if a merchant account application is to be approved or denied.

The purpose of this article is to clarify the need to underwrite merchant accounts and to explain underwriting in enough depth so that merchants can effectively prepare as knowledgeable, willing participants in a process designed to protect all parties involved.

To better understand merchant account underwriting, it is helpful to understand some terms used within the payments industry:

  • Businesses that accept credit card and debit card payments in all forms are known as merchants
  • Merchant accounts are bank accounts specifically arranged to process funds vis-à-vis payments accepted by merchants
  • An acquiring bank originates and maintains merchant accounts
  • Financial institutions that process credit card and debit card transactions for merchants are known as acquirers
  • Financial institutions that issue credit cards and debit cards to customers are known as issuers
  • Customers are those who purchase goods and services from merchants
  • A chargeback is a demand by an issuer for a merchant to refund money to a customer for an allegedly fraudulent or otherwise disputed transaction
  • Underwriting, as related to merchant accounts, is assumption of ultimate risk by an acquirer on behalf of its merchants, which guarantees payments to issuers for claims against merchants that merchants fail to satisfy
  • Familiar card brands include Visa, MasterCard, American Express, Discover, UnionPay, and JCB

 

Merchant account underwriting involves careful analysis and rigorous evaluation of merchant account applicants by acquirers to ensure that businesses that wish to accept electronic payments from customers are honest, viable, and meet certain basic standards.

Firstly, there is the well-founded risk that some merchants will use a merchant account for fraudulent purposes; merchant fraud is common and costly. Secondly, merchants accepting electronic payments must have the capacity to fulfill financial obligations. Engaging with merchants may present unacceptable risks of loss for the acquirer, which is ultimately financially liable for charges against the merchant’s account if the merchant fails to meet its commitments; for instance, for charges that might result from excessive refund and chargeback transactions. Thirdly, merchants must also meet certain basic requirements established by the card brands for financial and ethical conduct. The merchant account underwriting process addresses these concerns with due diligence.

 

Merchant Fraud

PHOTO BY: CreditDebitPro

According to Ron Teicher of EverCompliant, a fraud-prevention firm, “merchant fraud is still one of the most common and costly causes of financial loss for acquirers.”1 So reasonable questions arise during the underwriting process: Is it possible that this merchant is going to process fraudulent transactions? Is this merchant applying for a merchant account just to obtain an ill-gotten line of credit? Is the merchant using a stolen identity or a fake on-line presence? Will it allow other unacceptable businesses to launder actual or fictitious transactions through its merchant account? Mr. Teicher’s firm has estimated that money laundering is a substantial problem and that, of on-line sales, “$6 billion involves illegal goods sold on-line by an estimated 335,000 unregistered merchants.”2

According to David Steinberg of Merchant E Solutions, his firm rejects from five to ten percent of all applications it receives, to protect itself. In one scheme affecting the firm, fraudsters registered numerous domain names, set up fictitious web-sites as believable businesses, and arranged merchant accounts with several different processors. Then stolen credit card numbers were used to make fraudulent purchases on the web-sites and the money flowed unimpeded into the fraudsters’ bank accounts. “If you don’t catch it you could lose hundreds of thousands of dollars over a weekend,” said Steinberg.3

An important aspect of merchant account underwriting, therefore, is to verify that payments represent valid business transactions between merchants and cardholders.

 

Merchant Viability

PHOTO BY: Ken Teegardin

Can the merchant generate income to cover operating expenses and debt commitments? Does income allow for growth and continuing quality service? The acquirer, of course, wants the merchant to be successful, because then both will benefit from their ongoing relationship. That said, because the acquirer is ultimately responsible to the merchant’s customers, it therefore needs to measure the degree of risk involved.  If the level of risk is acceptable and the merchant account application is approved, then the acquirer 1) accepts the risk of loss and 2) guarantees the merchant’s funding of charges against the account.

 

Merchant Qualifications

PHOTO CREDIT: Pixabay

The card brands have defined basic requirements for merchants accepting payment cards from customers. Additionally, acquirers prohibit or restrict certain specific products and services offered by merchants that are considered to be illegal or that may be prone to high levels of financial risk and liability.4 High-risk merchants are subject to additional underwriting requirements.

Many new businesses qualify and present acceptable risks; given that they have provided any requested business documents, financial information, or guarantees.

 

The Merchant Account Underwriting Process6

PHOTO CREDIT: Pixabay

The underwriting process requires the same due care that a reasonable person would take to avoid harm. Due-diligence methodically researches areas of potential risk to establish that facts presented by a merchant have not been misrepresented. Overall underwriting objectives include assessment of an applicant’s financial viability and integrity, and detection of potential fraud, bribery, and corruption.7 The process includes review of an applicant’s business background, operations, locations, and principals. The underwriter may seek information from credit reports, financial statements, income tax returns, and other lawfully available sources of information during the course of its investigation.

Business background

A background check, among other things:

  • Verifies that a merchant is a bona fide business and that applicants are indeed the principal business owners
  • Considers how long a merchant has been in business
  • Determines if the business form is corporation, partnership, or sole proprietorship
  • Verifies legal and fictitious (dba) business names to ensure that the business is legitimate

Credit checks are an important indicator of the merchant’s financial stability and are used vis-à-vis all applicants; excepting publicly listed and non-profit corporations. Bankruptcy filings and other credit difficulties are taken into account, and merchants previously associated with merchant account risk programs are identified. A low credit score isn’t necessarily a disqualifier for merchant account approval, because acquirers may have tools available to mitigate particular risk cases.

Prior merchant account relationships are reviewed to assess transaction history vis-à-vis customers, and will also determine if a merchant account previously held by an applicant has been terminated by an acquirer. If so, the nature of the termination will be investigated.

When large processing volumes are involved, merchants may be asked to provide information about other owned or operated businesses.

Business operations

A review of business operations can entail:

  • Data security
  • Operating statistics
  • Orders and shipments
  • Chargeback handing
  • Billing
  • Credit, refund, and exchange transactions
  • Guarantees and warrantees
  • Inventory
  • Fulfillment

The underwriter will verify that the merchant has sufficient safeguards in place to protect account data from unauthorized access, disclosure, or use.

Operating statistics will help the underwriter determine expected business revenue and indications of customer service issues.  The estimated dollar amounts of total sales and electronic payments to be accepted, as well as available chargeback data, are useful indicators.

The underwriter will want to know how merchants who receive orders and ship merchandise handle these transactions. For instance, the underwriter will want to make sure that the merchant charges customers on or after the merchandise shipment date, that applicable deposits are charged separately when taken, and that the duration of time between an order and its shipment is not excessive. These procedures decrease the risk of cancellations and chargebacks from dis-satisfied customers.

Does the business have a history of formal customer disputes resulting in charges to the merchant account? The underwriter will evaluate an existing firm’s chargeback history to make sure that frequency, quantity, and reasons for the disputes are within acceptable limits. A merchant with a significant number of chargebacks may be subject to reserved funds, held funds, or potential merchant account termination when chargebacks exceed certain thresholds.

The underwriter will look at an applicant’s billing terms and procedures, as may be applicable, and will look closely at long service terms such as annual subscriptions, for which subscribers are more apt to cancel and request refunds.

Are credits, refunds, or exchanges allowed? Flexible policies can reduce the risk of chargebacks. The underwriter can be expected to review terms and conditions of a merchant’s standard sales contract to determine if credits, refunds, and exchange transactions are appropriately processed.

If the merchant sells ongoing services such as guarantees and extended warranties, service contracts will be reviewed; if third parties provide these services on behalf of the merchant, they will be identified.

A review of the merchant’s inventory will assess issues affecting the merchant’s ability to meet its financial obligations. It will seek assurance that stated inventory reflects the sales volume disclosed by the merchant, will determine if the owner owns or finances the inventory, and will identify such things as contractual relationships that might affect financial stability if terminated.

If a third party is to fulfill orders and ship merchandise for the merchant, then its contract with the merchant will be reviewed and its references will be checked.

Merchant’s business environment

The underwriter will assess the business environment in which the merchant is to operate by verifying that the environment and location are suitable for the type of business, and by ensuring that the geographic location isn’t known for excessive fraudulent activity.

The underwriter will also determine if the property is owned or leased and how long the business has operated at its present location, and may request identity of the mortgage holder or landlord for its records or for further research.

Merchant’s principal officers or owners

The underwriter will collect detailed information about each principal having a material interest in the business; including identification, percentage of ownership, and the duration of ownership.

Merchant qualification standards

The underwriter will ascertain whether the prospective merchant and its principals will operate under basic qualifications defined by the card brands:

  • All federal and state laws must be followed
  • All transactions must be legal
  • The merchant must be financially responsible
  • The merchant must not be involved in any activity that may harm the payments system

 

Special Consideration for Transactions Involving eCommerce, Mobile Payments, Mail and Telephone Orders, Recurring Payments, and Subscriptions

PHOTO CREDIT: Creative Commons

Underwriting for the card-not-present environment, in which a card will not be physically presented face-to-face to the merchant during the payment transaction, requires additional care because this environment is a primary target of fraudsters. The underwriter will seek to make certain that the merchant’s business model is legitimate and, for electronic transactions, will research 1) the service provider to be used by the merchant to process, transmit, and store cardholder data; 2) associated web-sites; and 3) any mobile device applications used for payment acceptance. Businesses expecting large payment processing volumes may be asked to provide business plans, merchandise samples, the policy for handling return transactions, and relevant marketing materials.

 

Separate Internet Merchant Application

Merchants must apply for a separate merchant account for payments accepted via the Internet. Payments taken vis-à-vis web-site eCommerce and mobile device applications are classified as internet sales.

An independent Internet merchant account facilitates:

  • The merchant’s ability to separately track sales by channel
  • The merchant’s ability to monitor customer acceptance of the modes in which products and services are offered for sale
  • Enhanced underwriting due diligence required for Internet merchants
  • Proper representation of a merchant’s information on receipts and bank statements received by customers who have made on-line purchases

Additional Internet merchant application information

The underwriter collects and verifies additional application data for internet merchants to mitigate enhanced risk exposure.  The data include:

  • Relevant web-site URLs
  • Web-site and domain ownership
  • Customer service processes
  • Marketing affiliates
  • Terms and conditions of sale
  • Data privacy

The underwriter will verify ownership of domains and web-sites and will review how the customer service function facilitates communications with the customer. Naturally, high customer service performance levels decrease the likelihood of customer disputes and chargebacks.

 

Merchant Website Disclosure

The underwriter will ensure that Internet merchants provide required disclosures for customers, which may include:

  • Appropriate payment industry brand marks
  • Known legal restrictions
  • Return and refund policy
  • Customer service contact information
  • Merchant address
  • Transaction currency (i.e., U.S. dollars, etc.)
  • Known export restrictions
  • Delivery policy
  • Consumer data privacy policy
  • Security capabilities and policy for transmission of payment card details
  • Terms and conditions of a promotion, if restricted.

 

Free Trial Period Merchants

Some merchants offer free trial periods for particular products and services, after which the terms or cost of the product or service changes and customers are charged on a recurring basis. The underwriter will ensure that these merchants adhere to stringent customer disclosure.

 

Summary

Merchants seeking to accept credit card, debit card, and related payments from customers may pose potential risks to the payments system.  These risks can affect other merchants, acquirers, issuers, and customers, alike, and deserve a comprehensive appraisal before applicants for a merchant account and acquirers enter into agreements. A thorough understanding of this process by merchants can expedite timely and efficient boarding of acceptable merchant accounts.

1https://www.finextra.com/blogposting/14769/three-types-of-merchant-fraud-a-guide-for-merchant-acquirers

2https://ftalphaville.ft.com/2017/09/27/2193969/transaction-laundering-should-be-a-top-priority-for-regulators-in-2018/

3http://www.nbcnews.com/id/6175738/ns/technology_and_science-security/t/fake-companies-real-money/#.WrGSyGrwaUk

4https://www.creditcards.com/credit-card-news/credit-card-security-id-theft-fraud-statistics-1276.php

5https://merchant-apply.com/prohmerchants.html

6The following underwriting passage largely draws on information found in Visa Global Acquirer Risk Standards: Visa Supplemental  Requirements https://usa.visa.com/dam/VCOM/download/merchants/visa-global-acquirer-risk-standards.pdf

7https://www.hg.org/bribery.html

 

 

 

Posted in Electronic payments, Merchant services, On-line payments | Comments Off on MERCHANT ACCOUNT UNDERWRITING 101

HOW TO FIND THE RIGHT MERCHANT SERVICES FIRM

 

 

 

So you’re setting up an eCommerce site or mobile payments, or opening a retail store or B2B operation, and you’re looking for a merchant services provider to set you up to accept electronic payments.  Or maybe you’re unhappy with your current merchant services provider.  Maybe you just can’t put your finger on the real problem and yet you’re on the verge of switching gears.

 

In either case, if you’re actually thinking about this then take time to consider some of the primary factors involved in selecting the right provider.  For example, having an effective account manager or merchant services representative in your corner, dealing with a firm that quickly solves your problems, and understanding rates and fees in relation to value-added services can set the stage for long-term, beneficial working relationships.

 

Account Manager / Merchant Services Representative

 

 

 

 

 

Do you have an effective account manager or merchant services representative in mind or already working with you?

An experienced representative will be knowledgeable about your industry segment and how others within that segment use electronic payments to address existing needs and future goals.  This person will have electronic payments expertise and will educate you when necessary, will help you to identify and define your short-term requirements and long-term goals, and will freely offer professional recommendations.  The skilled representative has your best interests in mind and will let you know about recommended solutions provided by the represented firm, as well as solutions provided by other firms in cases when the represented firm doesn’t offer them.  If you’re looking for a representative, the advantages of carefully searching for and selecting the right person to assist you can’t be overstated.

 

Customer Service

 

 

There are many fine customer service departments and customer service people who do their utmost to help customers in the best ways possible.  Yet some are thwarted because they lack authority to deal with certain issues, or because systems are lacking that would facilitate customer problem-solving, or because the systems in place actually get in the way.

 

You’ve possibly been there before—customer service hell! You have a problem you’ve been trying to correct for hours amidst your busy daily activities.  Then your provider’s automated phone system keeps you on your toes for 5 – 10 minutes.  Next, the customer service representative takes 10 more minutes of your valuable time on the phone assuring you that you’re speaking with your personal representative, determining that it’s okay to be your best buddy, and grilling you for every detail of your life’s history because they receive calls all day long from people who aren’t who they say they are.  You appreciate their efforts in protecting your interests and wonder at the same time why a simpler way of handling this hasn’t been thought out.  Then it all goes downhill from there when the person you’re speaking with can’t help you for one reason or another and transfers your call into call-waiting paradise.

 

There is hope, though!  If poor customer service is a concern for you, then find a merchant services provider that empowers its employees to help you with your needs and to solve your problems.  There are plenty of firms out there that thrive on this aspect of providing excellent customer service.

 

Rates & Fees

 

 

 

Are you concerned that merchant account rates and fees may be too high?  This is one of the most common reasons businesses switch services.  Is it justified?

As with most things we buy, price is one of the first things that come to mind.  Yet do we sometimes shoot for the lower price without thinking about the importance of the value we’re receiving?  Did that apple taste good?  Did that umbrella keep me dry?  In relation to merchant services, we might ask ourselves, Is our representative knowledgeable, helpful, friendly, and responsive?  Sometimes factors like this can make all the difference.

The greatest percentage of merchant account rates and fees assessed consists of a category named interchange, which has been established by the major card brands.  They price these charges by card and transaction types and assess them for all transactions, regardless of the firm providing your service.  Interchange fees for credit cards are determined by such factors as the costs associated with marketing certain kinds of card products; for example, personal cards, rewards cards, business cards, and corporate cards.  Another important factor is the increased risk of loss associated with certain types of transactions.   For instance, eCommerce transactions processed over the Internet have greater risk of being fraudulent than transactions involving EMV security chips in a face-to-face retail environment, and so a higher interchange rate is assessed.  Interchange charges assessed to merchants for most debit card transactions have been set as a result of federal regulations enacted vis-à-vis The Dodd–Frank Wall Street Reform and Consumer Protection Act of 2010.  In 2015, there were more than twice as many U.S. debit card transactions as credit card transactions.1

 

 

Credit card processing companies and subsidiary independent sales organizations (ISOs) provide many value-added services directly to merchants, which have associated costs.  These services may include the following:

  • Internet payments gateways supporting eCommerce, back-office transactions, and mobile payments;
  • point-of-sale (POS) systems with CRM capabilities;
  • credit card terminals;
  • fraud prevention services using advanced predictive analytics technology;
  • payment card industry (PCI) compliance resources to enhance data security;
  • application programming interfaces (APIs);
  • specialty products, services, and applications; and,
  • transaction authorization and settlement.

The discerning organization will of course itemize its relevant costs and quantify return on investment when selecting the particular value-added services that help it to sustain itself and grow in relation to its near-term and long-term requirements.

 

Summary

If you are looking for a merchant services provider, consider some important factors that can affect your selection of the right firm: 1) having the guiding hand of an experienced, professional representative, 2) using a provider known for excellent customer service and, 3) balancing rate and fee issues with the over-all value to your organization of the services provided.

 

1 http://creditcardforum.com/blog/credit-card-statistics/

 

 

 

 

 

 

Posted in eCommerce, Electronic payments, Merchant services, On-line payments, Project planning | Comments Off on HOW TO FIND THE RIGHT MERCHANT SERVICES FIRM

A SYSTEMS APPROACH TO ORGANIZATIONAL CHANGE

Are you considering how to go about improving organizational performance?  In Change-Agent Skills B: Managing Innovation & Change, Gerald Egan encourages each employee to be a change agent and recommends a three-pronged approach:

  •  Assess the current scenario

How well is the company doing in the area to be reviewed?  What problems, needs, resources, opportunities, and challenges need to be addressed?

  •  Create a preferred scenario

What do you want?  What would your organization, unit, program, or project look like in your ideal world?

  •  Design a plan to move the system from the current scenario to the preferred scenario

How would results be accomplished?  What is the action plan or strategy?

 

 A SYSTEMS APPROACH

When systems are involved, the Systems Development Life Cycle approach can be adapted to your purposes.  Here are some common steps to consider:

  •   Identify a need or opportunity

Does a problem need to be solved?  Is there an opportunity to be exploited?  What has contributed to the problem?  What potential exists for a new approach or development of a new idea?

  •  Define the scope of the project

What are the project boundaries?  Has a cost / benefit analysis been prepared?  What are the risks and how will they be managed?  What is the feasibility that the project will succeed in meeting its objectives?

  •  Plan the acquisition of resources

Do decision-makers understand the benefits of pursuing the project so they can determine how it affects strategic decisions?  Is there a firm grip on the return on investment?  Will everyone affected by the project be involved to the extent possible?

  •  Analyze your needs and requirements

What is going right and what are the shortcomings?  What are the goals, desired functions, and limitations?  What assumptions exist regarding this project?  Is a process in place to handle changes to the requirements as the project proceeds?

  •  Acquire, or design and develop, systems that deliver required functions

Are systems available on the market to fulfill your requirements or will appropriate internal resources, including a cost-effective and secure systems environment, be used to develop and maintain the required databases, application programs, and operating systems?

  •  Integrate and test

Does the system interact with other systems in the required manner?  Does the system conform to the specified requirements?

  •  Implement the new system

Has the proper technology been utilized?  Is the organization ready and supportive of the change effort?  Have all processes affected by system implementation been considered?  Have all system users been involved with its implementation?

  •  Maintain and operate the new system

Are appropriate system maintenance and operations practices in place?  What might post-implementation and operating reviews of your new or enhanced system reveal?  How will problems be dealt with?

Using well-established procedures to implement your change program can turn seemingly daunting tasks into rewarding outcomes.

 

Editor’s note: This article was first published in July, 2011, and has been updated.

 

Posted in Organizational change, Project planning, SDLC | Tagged , , , | Comments Off on A SYSTEMS APPROACH TO ORGANIZATIONAL CHANGE

Fighting Payments Fraud

CARD NUMBERS: protect them or…!

Who isn’t concerned these days and cautious about identify theft and misuse of payment card account numbers? In 2016, 15.4 million consumers lost $16 billion; up from $15.3 billion lost by 13.1 million consumers in 2015.  “The overall fraud incidence rose 16% to affect 6.15% of U.S. consumers, from 5.30% in 2015 — the highest on record.” This, according to the 2017 Identity Fraud Study from Javelin Strategy & Research!  In a previous study, Javelin indicated that, “Businesses and financial institutions are more susceptible than ever to leaks, cyber-attacks, malware, and data breaches.”

In high-risk settings, such as businesses that electronically store customers’ cardholder data, privacy of data is a serious issue.

 

WHAT IS DATA SECURITY?

Is your electronically stored data protected against intentional and unintentional corruption and unauthorized access and use?  Data security, in general, refers to ways of maintaining its integrity, security, and privacy and preventing undesirable outcomes.

WHAT IS THE PAYMENT CARD INDUSTRY DOING ABOUT IT?

In response to a growing threat to the privacy and security of cardholder data, Payment Card Industry Data Security Standards (PCI/DSS) have been developed, “to help facilitate the broad adoption of consistent data security measures on a global basis.”

Compliance with PCI/DSS is mandated for all businesses and organizations accepting electronic payments or storing, processing, or transmitting cardholder data.  This includes eCommerce web-sites, retailers, financial institutions, merchants, and service providers.  Compliance requirements vary, depending on the annual number of payment card transactions a firm processes per year and its data security history, and range from a simple annual on-line survey for small-volume organizations to periodic on-site audits for the largest firms.

WHAT CAN COMPANIES DO NOW?

Companies can always do more to protect sensitive data against identity theft.

For instance, some perpetrators feed on the ‘Account on File,’ extracting bank account and credit card data which is then used to open fraudulent accounts.

If your firm allows its customers to create and maintain an ‘Account on File’ to be used with subsequent purchases and re-orders, or if it otherwise stores sensitive cardholder data, it can use tokenization to protect its customers. Tokenization substitutes meaningless data elements–tokens–for sensitive data which is stored off-site; usually in secure, third-party storage facilities.

Data security, which builds customer confidence, is something to be addressed early-on and can be facilitated by compliance with payment card industry standards.  Many companies have found these to be a welcome guide to meeting their own data security objectives.

Complete information about the Payment Card Industry Council, its standards, Qualified Security Assessors, and Approved Scanning Vendors, is available at www.pcisecuritystandards.org. 

 

 

Editor’s note: This post was originally published in July, 2011, and has been updated with currently relevant data.

 

 

 

 

 

 

 

 

 

 

 

Posted in Electronic payments, Fraud prevention, Identity theft | Tagged , , , | Comments Off on Fighting Payments Fraud

HOW TO ACCEPT eCOMMERCE PAYMENTS ON-LINE

Accepting eCommerce payments on-line can be arranged by integrating an eCommerce shopping cart with an Internet payment gateway in conjunction with an eCommerce merchant account, and applying appropriate data security standards.

According to PYMNTS.com, less than one third of new retail stores selling to consumers offer on-line payments to their customers, and that, “could spell doom in this connected and convenience-driven market.” Read the article.  Online sales are increasing year-over-year.  About 190 million U.S. consumers—more than half the population—will shop on-line this year, according to Forrester Research, as reported in the Wall Street Journal.  Read the WSJ article.

One reason so few new businesses accept on-line payments from the start may be that it appears to be a difficult project.  So let’s divide it into its parts and simplify things.

As an example, let’s look at how a small-sized or medium-sized business would include customer on-line payments capability as it creates an eCommerce web-site.  As the web-site is being designed, consider how information about the products and services to be sold is managed and how to accept payments on-line in a secure environment.

These tasks can be accomplished in a straight-forward manner.  A qualified web-site developer can recommend an appropriate shopping cart for the web-site.  A professional merchant services representative will arrange an Internet payment gateway and a merchant account, and will help the business comply with data security standards.

 

 

SHOPPING CART

An eCommerce shopping cart is the content management system which typically provides the web-site with a catalog of available products and services, pricing, product images, and consumer reviews.  It may also include features for shipping, analytics, and marketing.  When selecting a shopping cart, choose one certified by your Internet payment gateway and merchant services providers to ensure compatibility.

Click here for a convenient guide to finding the right shopping cart for your business.

 

INTERNET PAYMENT GATEWAY  

What is an Internet payment gateway?

An Internet payment gateway makes payment processing available using any device having an Internet connection.  As used in eCommerce, it connects the merchant’s web-site with a card processing company to facilitate payment transaction authorization, data capture and settlement.

When a retail customer makes an eCommerce payment, the payment gateway immediately sends a transaction authorization request to the card processor.  The processor forwards the request either to the institution that originally issued the card to the customer or to the institution that holds an eCheck associated bank account.  The institution verifies that an account is active and open and that there is sufficient credit or funds available to cover the purchase amount.  Fraud control procedures attempt to identify suspicious transactions.  The result of the authorization request is returned to the eCommerce web-site.  If the customer has provided an e-mail address, then a receipt for an authorized transaction can automatically be provided to the customer.  If the transaction is declined, then a reason is provided.

Payment gateways also facilitate data capture, clearing and settlement activities by periodically closing and transmitting batches of transactions to the payment processor for its use in performing these functions.  The clearing function exchanges non-financial transaction data among financial institutions and the settlement process exchanges the funds associated with the cleared transactions.

Click here for more information about clearing and settlement.

Retail Internet payment gateways typically include most, if not all, of the following features:

  • Acceptance of all major credit cards, signature debit cards and electronic checks
  • Fast, reliable and secure transmission of transaction data
  • Acceptance of digital payment solutions like AndroidPay, ApplePay, PayPal, and Visa Checkout
  • Acceptance of international payment transactions
  • A mobile payments app, which provides the capability for a business to accept payments using a cellular phone, tablet computer or other device
  • A virtual terminal, which lets a merchant use a personal or laptop computer to manually submit payments for orders received by telephone, e-mail or fax, and to review, refund and void transactions
  • Batch processing, which provides for submission of large numbers of payments requiring manual entry; as is the case in a call center
  • Secure management of confidential information using tokenization, which prevents on-site theft of cardholder data
    • Replaces in-house sensitive cardholder data with tokens only the merchant can use
    • Stores sensitive cardholder data off-site in a secure third-party facility accessible only by using merchant tokens
  • Fraud reduction accomplished by identifying, managing and, when appropriate, preventing processing of suspicious payment transactions
  • Transaction reporting with sophisticated search capabilities
  • On-line payments gateway account access to configure how transactions are handled

 

MERCHANT ACCOUNT

What is a merchant account?

A merchant account is a bank account specifically designed to process customer payments.  Retail eCommerce payments primarily consist of electronically processed credit card, debit card, and electronic check payments made by customers as they shop at an eCommerce web-site.

Select a professional merchant services representative

When arranging a merchant account, use an experienced merchant services representative.  A professional representative will be knowledgeable and focused on understanding and responding to your specific goals.  The representative will educate you as necessary to help you achieve your objectives, will offer appropriate recommendations, and will maintain a long-term focus that can help you as your business grows.

Merchant account application

Your merchant services representative will help you complete the merchant account application packet, which is a collection of information about the business, its principals, processing limits, and rates and fees.  A complete packet will disclose important information about liability of the parties, assumed risks, and how disputes are handled.  It will identify responsibilities of the bank that will maintain the merchant account and responsibilities of the merchant.

The application packet for an eCommerce business will include pertinent information about how the business is conducted and standards for accepting payments over the Internet.  These standards relate to things like how the business will handle disclosures, refunds, cancellations, shipping, and privacy.

 

DATA SECURITY STANDARDS

Although data security is never fool-proof, optimizing it will help protect customers from fraudulent use of their sensitive cardholder information.  It also will help the business protect itself from liability for fraudulent transactions and from loss of goodwill.

The payment card industry has implemented standard policies and procedures to help businesses and financial institutions reduce fraud by protecting their payment systems from breaches and theft of cardholder data.  These standards apply to any merchant that processes, stores or transmits credit card data, regardless of size.

A small-sized to medium-sized business complies with these policies by, at a minimum, completing an annual self-assessment questionnaire.  eCommerce merchants may be subject to periodic external scans of their computer systems to ensure that they are secure from unauthorized data access.  Larger firms are subject to on-site inspection of facilities.  These checkpoints are intended to help businesses and service providers enact appropriate safeguards.

A professional merchant services representative can educate the eCommerce merchant regarding the standards and can arrange for a qualified security assessor to monitor and assist with technical aspects of compliance.

Click here for the Wikipedia entry for the Payment Card Industry Data Security Standard (PCI / DSS)

Click here for the PCI Security Standards Council web-site on PCI security.

 

SUMMARY

Accepting on-line eCommerce payments is important for the sustainability and growth of the business.  To implement on-line payments, select the right shopping cart and implement the components of Internet payments acceptance: Internet payment gateway, merchant account, and appropriate data security standards.  A qualified web-designer and professional merchant services representative can help you meet your objectives and prepare for the future.

 

Posted in eCommerce, Electronic payments, Mobile payments, On-line payments | Comments Off on HOW TO ACCEPT eCOMMERCE PAYMENTS ON-LINE

WANT THE FACTS ABOUT CHIP CARDS?

Learn what chip cards are, why consumers are getting them, how to accept them them and more at www.GoChipCard.com/merchant.

Chip Cards are here in the U.S.!
GOCHIPCARD.COM

 

Posted in Fraud prevention | Comments Off on WANT THE FACTS ABOUT CHIP CARDS?

EMV: ARE YOU IN THE GAME?

 

 

EMV MERCHANT LIABILITY AND EMV USAGE                

 

Are you up-to-date on current issues affecting the implementation of EMV technology used in accepting card payments?  Are you aware, for example, that liability for fraudulent face-to-face retail card payment transactions has shifted to merchants as of October 1, 2015,unless equipment has been upgraded to process EMV transactions?

 

As of May, 2015, three out of four consumers had expected to use their EMV cards where they shopped and 68% of consumers had an interest in EMV for their personal protection and security.By the end of 2015, 60% of issued U.S. credit cards and 25% of U.S. debit cards are expected to be EMV cards.3 Magnetic strips will continue to appear on EMV cards in the near term for use with antiquated terminals, and EMV terminals will automatically require insertion of EMV cards into an EMV reader slot. More than one billion EMV cards are expected to be in the hands of U.S. consumers by the end of 2016.4

 

 

IS EMV CHIP & PIN STILL A RELEVANT FACTOR?

 

EMV ‘Chip & PIN’ technology, used in Europe and elsewhere for more than 20 years, requires entry of a cardholder’s personal identification number (PIN) to authenticate a retail payment transaction; which provides more security of sensitive cardholder data than simply requiring a cardholder’s signature.5 Our federal government now requires EMV Chip & PIN for all its card payment transactions,6  and some major retailers argue for its use today within all retail stores.  PIN entry, however, isn’t considered to be as relevant a fraud prevention tool as it was when first introduced in Europe, and as EMV is being implemented throughout the U.S., it appears that most EMV consumer transactions will only require the cardholder’s signature.

 

 

MODERN APPROACHES TO PAYMENT FRAUD PREVENTION  

 

According to Stephanie Ericksen, Vice-president of Risk Products at Visa, the U.S. is adopting an approach currently taken by both Europe and Canada, which is to move away from PINs in favor of newer technologies.  Tokenization, for instance, substitutes tokens for sensitive cardholder data which up to now has typically been stored within independent merchant databases; and end-to-end encryption makes such data indecipherable to hackers from the point where data is first entered into a device until it is deciphered by an intended recipient.  These and other technologies, such as biometrics and multi-factor authentication, address the ever-changing direction of fraudulent activity in relation to consumer and business payments.  For example, reduction in fraud within retail stores has resulted in increased on-line fraud, including eCommerce, and the newer technologies can more broadly address fraud prevention for both.   Doug Johnson, Senior Vice-president of Payments and Cyber-security Policy at the American Bankers Association, adds that only about 5% of card fraud comes from stolen or lost cards, the kinds of transactions a PIN defends against; implying that it is best to invest in newer innovations than to expend effort on implementation of less effective PIN technology.

 

 

CAN YOU HELP?

 

The payments industry is mandating implementation of systems to protect consumers from harm, and most large retailers and a substantial percentage of small retailers are already on board with this effort.8  Many retailers, however, remain uninformed about EMV and the first step is education. As for consumers, obviously some will begin to seek out merchants that will protect them and some will avoid those that won’t.9  

1 http://lp.verifone.com/media/2146788/emv_key_dates_chart_021213.pdf

2 file:///C:/Documents%20and%20Settings/Home/My%20Documents/Downloads/Final_ChipCard_Consumer_Attitudes_May2015%20(1).pdf

http://www.creditcards.com/credit-card-news/emv-faq-chip-cards-answers-1264.php

4 http://www.digitaltransactions.net/news/story/U_S_-Card-Producers-Prepare-To-Crank-Out-EMV-Cards-in-Big-Numbers

5 http://www.wsj.com/articles/why-new-credit-cards-may-fall-short-on-fraud-control-1420423917

6 http://www.bankinfosecurity.com/government-rolls-out-chip-pin-a-7826/op-1

7http://www.computerworld.com/article/2991473/financial-it/fbi-takes-down-alert-on-chip-credit-cards-after-bankers-complain.html

http://www.verifone.com/media/5000868/emv_handbook.pdf

9 http://www.pymnts.com/company-spotlight/2014/why-u-s-consumers-are-itching-for-emv-cards/

 

 

 

 

 

 

 

 

 

 

 

 

Posted in Fraud prevention | Tagged , , , | Comments Off on EMV: ARE YOU IN THE GAME?

EMV: IMPLEMENTING A MORE SECURE PAYMENTS SYSTEM

 

“If you want total security, go to prison.”

– Dwight D. Eisenhower

 

ACTION—REACTION

 

The shift of financial liability to merchants for those fraudulent POS card-present transactions not processed via EMV-enabled equipment will occur October 1, 2015.  As consumers have become increasingly aware of the fragile nature of data security, they have become more concerned about how their personal information is protected, and electronic payments are a case in point.  As a result, financial institutions and merchants alike are now placing the economics of adjusting to EMV aside, in favor of protecting their customers.

 

MERCHANT CONVERSION 

 

Some merchants may be hard-pressed to avoid the deluge of last-minute requests to purchase new EMV-capable equipment and software by the deadline, and will incur liability.  Merchants uncertain about how to proceed might best benefit now by deciding to educate themselves about EMV, by simplifying available information, by engaging the issues, by identifying the choices, and by acting quickly to protect everyone’s interests.1

 

A PROCESS OUTLINE

 

Necessary changes to priorities, policies, or how work is performed may be in order, and a structured change program that defines the need for change, envisions the future, assesses the present situation, and plans for implementation can facilitate transition to a safer payments environment.2

Process references:

1 “Flawless Consulting,” Peter Block; University Associates.

2  “Organizational Transitions,” Beckhard & Harris; Addison-Wesley.

 

 

Posted in Fraud prevention, Project planning | Tagged , , , , , , , | Comments Off on EMV: IMPLEMENTING A MORE SECURE PAYMENTS SYSTEM