Scott, I hear a lot about risks from accepting credit cards and have seen multiple breaches in the news. But isn’t security better today than in the past and wouldn’t fraudsters target big companies versus the regular “mom and pops”?
In short, yes, security is better today than in the past, but technology has also helped fraudsters develop new tools to commit fraud and hack into systems to steal credit card data and cardholder identities. Protecting cardholder data is now a responsibility shared by all three players, credit card processors, merchants and cardholders. The days of merchants relying entirely on the credit card processor to provide security alone are long gone. Remember, if fraud or worse, a data breach occurs, the reputational damage alone could put a merchant out of business before even factoring in any financial impact from fines and penalties. So let’s look at the three players responsible for protecting data and what each can do. First, most have already heard about “chip cards.” The chip embedded in the card creates a unique code for each transaction using an algorithm which protects the cardholder at time of purchase. Essentially the only way a fraudster could commit fraud with a chip card is to steal the actual card. In comparison, the information stored in the magnetic strip can be loaded on a blank card and used to commit fraud. In Europe and Canada, EMV chip cards use “chip and pin”, a 4 digit pin number much like a pin for debit transactions. However, the U.S. standard is “chip and signature” currently with pin likely to come as an enhancement in the future. As of October 1st, 2015, the card brand associations (Visa, MasterCard, Discover and American Express) regulations shift the liability on fraudulent transactions from the bank that issued the card to the merchant.
So now merchants carry the risk and financial liability of potential losses if they aren’t processing using chip reading equipment or POS software. This is not a required regulation, but a shift in liability and only applies to card present transactions today. So merchants can still swipe the traditional magnetic strip. They just take on the added risk of losses should they have any transactions determined to be fraud and they didn’t process via a chip. Two additional security solutions that the industry is slowly adopting include tokenization and point‐to‐point encryption. Tokenization protects data at rest, such as while stored in a payment software application and point‐to‐point encryption secures data in motion, such as during transaction processing. Arguably the most important point is to think of these three security measures like a bridge and you need all three security measures for the most secure and stable bridge. Without anyone of them, the bridge becomes unstable and is not secure. The ideal payment partners in your market will provide education on security as it relates to your specific business, what you’re already doing well and where you have potential risks. The role of the payment partner is to identify opportunities to improve securing card data, discuss the cost implications with the merchant and help guide the merchant to make the best decision for their business.
When I ask multiple business owners how they select their payment provider and keep their costs down, many cringe suggesting it’s all too complicated and confusing. Why do you think that is and how can merchants select better partners and understand how to minimize their costs?
Craig, unfortunately many merchants have had poor experiences and it’s typically caused from the same few repetitive issues. For example, some providers have very confusing agreements and billing, while even those that don’t, they may have a sales representative that isn’t trained well or is intentionally avoiding sensitive questions for fear of losing a potential sale. The first suggestion would be to select a partner with a sales rep who is industry certified to hold the highest standards of education and integrity. This certification is called, CPP or “certified payments provider”, and is much like other industry’s that require passing a test to help certify a degree of integrity and credibility.
One common risk to avoid is the long contracts sometimes required. They can be for terms as long as 3 or 5 years and include expensive termination fees, worse yet are the fancy formulas called “liquidated damages” resulting in thousands of dollars when cancelling with those providers. Use common sense, if everything is disclosed openly and discussed freely, then you’re probably working with an honest and educated sales rep. However, if terms are hidden on the back side of agreements in fine print or not disclosed at all, then you need to avoid these providers and sales reps. Unfortunately, some merchants get fooled by sales reps who only show savings from part of the billing, but don’t show other costs that may be higher than the merchants current provider and result in less savings than promised or none. One way to prevent this is to request “interchange and assessment pass through cost” with a small, but fixed mark‐up. The mark‐up is called out, clear and the rest should be cost. You also want to specifically ask that no “surcharges” of any kind are included in your pricing. It’s not uncommon to have these fees included that are pure profit to the processor, but communicated to the merchant as if they’re “just cost”.
Lastly, many merchants find their monthly billing statement confusing or don’t understand it at all. This is partly due to the significant proliferation of pricing categories, called “interchange”. However, the best industry representatives can educate their merchant rather easily by help identify what costs are within control and which are not. Many merchants remain confused about what they are paying simply because their provider has never offered to review a billing statement with them.
How can merchants today leverage technology to help grow their business and simplify the customer experience?
Technology has been a positive influence on business by offering new solutions to grow sales, lowering costs of older technologies and improving the convenience factor. One great example of this is through mobile processing. Today, most merchants already have a device they can use in a smart phone or tablet or can buy one for hundreds of dollars, not thousands. With a simple wifi signal to connect to, these mobile devices can process payments without all the higher equipment and coverage costs. Today, many golf courses are replacing the costly wireless terminals used on their beverage carts with a mobile device or adding one if they don’t use one currently. Not only does this open the potential for more sales but the cart drivers usually make more in tips on credit card transactions as compared to cash.
What costs or fees are avoidable and how can merchants prevent these from being slipped in on their account without knowing or being misinformed?
Craig, to start merchants should watch for avoidable up-front fees and costs. Avoid paying fees like, application fees, reprograming fees, debit setup fees and other start up related fees. Also, try to purchase any equipment up front if you can spare the capital. Most processors offer a leasing option and some reps push terminal leases hard, because that’s where they earn the highest commissions. However, on average a merchant will pay two or two and a half times the cost of purchasing when comparing to the total lease program costs. Purchasing up front will cost significantly less, again, if you can afford to invest the capital at start up. As a good follow up, merchants should read the messages or notes header on their monthly billing statements for any account updates or pricing changes. It’s also good practice to frequently review the “fees” section of their statement. This section is often where existing fees are increased or new fees are introduced when other unrelated costs go up.
In short, banks no longer process credit card payments in-house, they sub contract this service out to the direct processors. Banks specialize in banking, but are by no means electronic payment experts.
This is obviously an important part of all retail which like everything else has become much more specialized and while abused by some, others like Scott Knabusch, Michael Kintz and Merchant Pro Express have found a niche the old fashioned way with expertise, integrity and exceptional service. Some of the things that stick with me as a merchant are the savings go right to the bottom line; you now have a consultant looking at helping you increase revenue, decrease costs as well as having the vision to secure the future; as opposed to the banks that most golf facilities are using who are just middle men transferring data. My experience is that Scott's proposals based on his study of last months processing statement typically can save somewhere between 12 and 30%. The customer service group have over 30 years experience and actually answer the phone. There are occasions where it looks to good to be true - but is. Anyone interested in learning more about the things that Merchant Pro Express can do for their facility can call or email me or contact:
Merchant Pro Express
MPX: 516-531-2345 (client support)