The Ultimate Guide to Credit Card Processing
Even if you know next to nothing about credit card processing, you know it’s a subject that’s been written about at length, usually accompanied by a fiery opinion because of some issue or another that was confused or obscured in some way. Unfortunately, that’s the kind of beast credit card processing is, and there isn’t any one guide that explains the basics.
This post is mainly for you – maybe you really don’t know all that much about payment processing and were thinking about implementing it for your business, or you have a merchant account already but wanted to refresh yourself without being absolutely bathed in technical jargon. But, chiseled processing veterans may gain something from this yet, so no matter who you are, don’t shy away. Here is the ultimate guide to credit card processing!
Step One: Assess your Business
Assess your business to determine whether or not you’ll be approved, and to determine the kind of credit card processing you’ll need. Contrary to some beliefs, credit card processing is not a one-size-fits-all venture. Depending on what kind of business you operate or your card acceptance procedures, proposed or already realized, some processors will not be able to accommodate you at all. Unfortunately, many business owners don’t know this and try their hands at multiple processors, wondering why they can’t seem to catch a break.
Here’s what you should think about before anything else:
How does your credit look?
That’s a general question, so consider everything here: personal credit history, potential business tax liens, the standing of past merchant accounts, and other things like that. Payment processors will weigh all sorts of different scores before their machine spits out a yes or a no when it comes to your processing application.
There are ways to fix all the things I mentioned, of course: You can elect to have another officer of your company sign on your account if your own credit history isn’t so hot; you can make sure tax liens are removed from your record by filling out a special form from the IRS (for US-based companies); you can call your past payment processors and be sure you’ve paid all your past dues.
What sort of business do you run?
Despite what you may think, the kind of business you run has a great effect on whether or not you’ll be accepted by a processor as a client. Certain processors prefer not to do business with companies in certain kinds of industries, either because of negative social stigmas or a higher risk of chargebacks (hence the term high-risk).
A good rule of thumb is this: If someone has ever voiced a negative opinion of your industry, it’s probably high-risk – and, that may not be politically correct, but them’s the shakes. Firearms dealers? Check. Adult industry stores? Yep. Outsourced tech support lines? Indeed. Nutritional supplements? Same thing.
Certain credit card processing providers are in business only to serve companies in your industry, believe it or not – even high-risk businesses. It isn’t just a game of favorites; these processors often supply processing solutions that are specific to certain industries. If your business is primarily B2B and you want to accept credit cards (or you already do), try searching for processors that cater specifically to B2B businesses rather than just looking for the best rate – which you can rest assured is something I’ll cover shortly anyway.
What kind of solution will work best for you?
Depending on the kind of business you run, you may benefit from a different kind of credit card processing solution than a simple physical terminal. Most B2B companies – or, really, any company that uses an invoicing software and accepts credit card payments – would benefit from using integrated credit card processing solutions: processing credit card transactions directly inside their accounting systems via an integrated virtual gateway.
In the event that an integrated solution simply isn’t available for your particular accounting system, an independent virtual gateway is the next best option, as it includes reporting tools and transaction search options (as the integrated gateway does) that simply aren’t available from a standalone physical card terminal. Merchants that do business solely online can also benefit from using virtual gateways, as they’re designed to plug in to most online shopping carts.
This may seem an obvious notion for some, but other business owners may not be aware another credit card processing option even exists. Most of the time, using an integrated solution or a virtual gateway will carry a small fee ($15-20 per month), but the ease of use and time savings compared to using a physical terminal makes the cost well justified. And to boot, you won’t have to worry about buying (or leasing!) those terminals for your office. Check with your processor of choice to see if they can offer you virtual or integrated processing options if you think either would be a good fit for your business.
Step Two: Keep everything secure
Keep everything nice and secure to protect your customers and avoid penalties. You may have heard this a thousand times, but it still bears repeating: Adhering to PCI compliance standards is extremely important. (Essentially, PCI compliance means never recording your customers’ credit card information nor otherwise storing it locally, like on your own servers.)
Although it isn’t particularly difficult to comply with data security standards, some business owners do the mental math and ask, “What are the odds I get hit with a data breach or someone compromises my data? Not too great.” While this may be true, this was undoubtedly the very thing every business owner uttered before he or she was sacked with the liability for his or her customers’ credit card data after a data breach or a certain incidence of fraud.
It isn’t worth it to remain noncompliant. Not only will you be liable for your customers’ damages if you’re found to be noncompliant after a breach, but some processors will add a PCI noncompliance fee to your itemized merchant account statement, which is their way of telling you to shape up.
So, you know what the penalties are now. But, what can you do? It’s simple, actually – so simple as to be counterintuitive. If you use a virtual gateway or integrated credit card processing solution, simply asking your prospective processor if your solution is completely PCI compliant is a good start. You can do further research on the internet if your account representative doesn’t have specific information about where your customers’ data is stored, though this should not be a problem in most cases.
Conversely, if you use a physical credit card terminal, your data is never stored anywhere in your system by default, so your responsibility is simply to refrain from recording and keeping your customers’ credit card numbers on file. I would refrain from ever writing down someone’s credit card information, even if you plan to destroy it after use – if you find you need to do this for any reason, you might benefit from looking into a processing solution that connects to your point-of-sale system in order to alleviate that particular need.
PCI compliance and data security is something to be aware of at all times, but I think it makes a good step two because you can take care of it before you begin processing and continue to monitor it afterwards.
Step Three: Protect against chargebacks
Implement strategies to protect yourself from chargebacks. After you’ve obtained a merchant account and picked a credit card processing solution that’s tailored to your business, your next responsibility is to implement a plan to protect yourself from the dreaded chargebacks – or better yet, ensure they don’t happen at all.
Chargebacks generally occur when customers don’t receive the products they ordered from you, aren’t satisfied with the products you deliver, or claim they didn’t order product from you at all. They obviously don’t help you because they take away your revenue, but credit card processors don’t like them either, as they bring on a lot of flak from backing networks (essentially, their bosses).
Here are some steps you can take to address the three main reasons you might incur a chargeback:
Make sure your customers have a reliable way to contact you
This may seem intuitive for some, but not checking your voicemails or emails regularly can have its consequences. Ifyour shipping procedures are tight, you may have all the potential in the world to deliver product to your customers efficiently, but, it all goes to pot if your customers can’t reach you again after an order is placed and they need to, say, change their orders in any way. And, if your shipping procedures aren’t great to begin with, that’s even worse. A
t the very least, keep an open line of communication so you can resolve potential disputes with your customers directly and not with Visa and MasterCard.
Make sure you deliver products exactly as advertised
Again, this is natural for some, but not all. This one is simple, though. Be honest with your customers and don’t try to cheat them. If you’re afraid the language you use on signage or your website might be ambiguous, hire an editor or copywriter to go over your content before it hits anyone’s eyes so you can be sure you aren’t advertising something falsely. Follow decent shipping procedures to make sure your products don’t break in transit – and, if they ever do, ensure you have a refund procedure in place (and follow step A above)! Otherwise, there isn’t much to this one.
Step Four: Protect yourself against credit card fraud
This is a logical progression from step three, as fraudulent transactions constitute a portion of transactions eventually charged back. You might feel like a sitting duck when it comes to fraud, but you can implement a few measures to make sure it doesn’t happen to you – or, at the very least, happens a lot less.
Collect additional information from your customers and invest in the latest technology to protect against real fraud.
First, you can collect extra information from your customers to make fraudulent transactions a good deal harder to pull off. This can be as simple as asking for an ID when customers use credit cards face-to-face with you, but you can also require a valid billing ZIP code or CVV code. Obviously, someone who isn’t authorized to use a given credit card will have a much harder time supplying an ID or the other information you request, so this is a very good fraud deterrent. In card-not-present situations, especially on your website, have your web developer set up a form that requires a valid billing address, CVV code, and a captcha (to prove the person using the form is a human and not a robot).
Also – and this is quite important – there are two major fraud-preventing players on the credit card processing scene today.
EMV prevents fraud at the point of sale
EMV technology takes the form of microchips embedded in new credit cards, and their corresponding EMV card readers; EMV protects against credit card fraud at the point of sale (at the card reader), since the microchip embedded in credit cards communicates with the EMV card reader, making it much harder to duplicate and produce a bad transaction. EMV technology hasn’t made it to the United States in full force, but many other parts of the world, especially Europe, have adopted EMV as a standard, as it significantly cuts the amount of card-present fraud possible.
In the United States, fraud liability for card-present transactions will fall on the party that has the lesser technology (either the merchant or the card issuer), unless both the customer and merchant are using it. In any case, if you accept many face-to-face transactions, it would benefit you to look into EMV technology as a way to prevent fraud as more of your customers begin using EMV cards. EMV terminals aren’t terribly expensive and will be well worth the peace of mind they give you in reduced fraud liability.
Tokenization prevents fraud later on
Tokenization, the second piece of the puzzle, scrambles credit card numbers into unusable tokens when the data is at rest (inside a company’s server, for example), which protects it from use by hackers in the event of a data breach. As tokenization isn’t a physical hardware feature, nor is it something visible on a credit card, you’ll have to ask your processor if they can provide you a tokenized processing solution in order to be absolutely sure you’re getting the best security, and because not every processor has developed and implemented tokenized solutions, which, for all their added benefits, require development and programming time that not every credit card processor has. Fortunately, unlike EMV, tokenization is usually offered as standard service, not at a premium.
Make a couple more tweaks to curb friendly fraud
Second is friendly fraud, which sounds a bit silly, but it’s a surprisingly common occurrence if customers either don’t remember they purchased something from you or don’t recognize your merchant name on their credit card billing statement. To protect against friendly fraud, you can use the same procedures as you’d use to protect against malicious fraud, with a couple of extra pointers:
- If you operate in an industry where people might forget they purchased something from you for any reason – for example, transportation and limousines – make sure your patrons sign a credit card receipt or have one sent to their confirmed email address. It’s a small piece of ammunition that will come into the conversation if the customer initiates a chargeback. (If the card is present, chargebacks are very difficult for customers to win anyway.)
- If you operate a company that might be potentially embarrassing for someone to see on their credit card billing statement (especially if it’s something more than one person is privy to), you can prevent that sort of chargeback by manipulating the name of your company to appear differently on sales receipts and billing statements. (Talk to your credit card processor about this.) Be sure not to overcompensate, though, or your customer might just charge back anyway – because he doesn’t recognize the business name at all.
Credit card processing is an ongoing process, so keep your eye on it at all times!
Even merchants who sign processing contracts aren’t immune to sudden changes in costs, technological advances, parts breaking, and other things going slightly awry. After taking the time to build your credit card processing procedures from the ground up (from step 1 to 3!), you should treat your system like any other part of your business: Keep an eye on everything, from your accountants’ data entry procedures, all the way to your processing statement you’ll get in the mail every month.
This ultimate guide to credit card processing will help your business successfully process payments. You’ll feel better about your business knowing you’re ahead of the pack in a part of business where many companies struggle.