Over the last 13+ years, I have attended hundreds of tradeshows and have spoken to thousands of executives about credit card processing. Common themes are: our fees to process cards are higher today than ever before and how can I lower our fees?
Unfortunately, there is not a simple answer that checks every box. At the end of the day, the fees associated with processing a transaction vary depending on how companies process cards, what types of cards they are processing and the information captured during a transaction, just to name a few.
Being in the credit card space for 25+ years, and owning CardConnect AIP for the past 13+ years, I have made it a quest to figure out how to keep more money in our clients' operating accounts; rather than those of the associations (i.e., Mastercard, Visa, Discover and American Express).
Let’s face it, the credit card industry is a legalized racket. Think about it, the associations make the rules and set the fee structure; couple this with processors who take advantage of the merchant relationships. Most companies have a high mountain to climb to maximize their margins when accepting credit cards as a form of payment.
The following are some common mistakes we have seen over the years that cost companies thousands of dollars annually, and in some cases well over six digits.
MISTAKE #1: Not Processing in the Most Optimum Environment
We are starting with this one because, in our opinion, it is the main reason companies are overpaying for credit card processing. Technology has impacted credit card fees more in the last six years, with the introduction of the chip card, than in the previous 50 years.
We estimate that more than 50% of distributors in the United States are still using stand-alone devices to process transactions. There is nothing wrong with these devices, provided they can self-populate the additional fields needed to pass Level 2/3 data. This is what ensures companies maximize their margins on Mastercard and Visa “commercial” cards.
Unfortunately, there are only a handful of platforms that can self-populate these additional fields, and less than 50% of the statements our company analyzes in a calendar year are securing the lowest rates possible on their transactions.
MISTAKE #2: Address Verification (AVS) Downgrades
These occur on card-not-present transactions in which the street number and zip code are not entered and/or are incorrect. These can increase the cost of transactions by 40%.
To address this issue, you must know where they are occurring in your current environment. In a lot of cases, once you identify this issue, a simple reminder to your employees will usually minimize the majority of them.
Worst case, you can utilize a virtual terminal for these types of transactions and activate the AVS mismatch feature so these transactions will not approve unless the information matches.
MISTAKE #3: Not PCI Compliant
Any merchant processing one or more transactions a year must complete a self-assessment questionnaire and, depending on their processing environment, quarterly scans might be required. This was mandated by the associations in July 2010.
The PCI non-validation fees that processors charge when you are not compliant will most likely not significantly impact your bottom line, but if you are a victim of a breach, you can expect your fines to be higher than they would have been, assuming you were compliant at the time of the breach. In addition, some processors are now charging additional fees to merchants who are not compliant. These fees can add up to thousands of dollars over the years.
MISTAKE #4: Processing with Their Bank
Although this may seem like a logical processor with which to partner, we find that banks take advantage of the merchant relationship more than any other processors. This makes no sense, but it’s been consistent for my 25+ years in the industry.
I believe this is partly because the banks typically partner up with a processor to provide this service, and do not manage it in-house. In addition, these processors rarely have access to the technology required to achieve interchange optimization. This is very relevant in the distributor space since most of you process a large percentage of commercial/business type cards.
MISTAKE #5: Integrating Payments into your ERP
No one can dispute that integrating payments improves efficiency and accuracy, but at what cost? Sadly, most ERPs partner with a “preferred” vendor to provide merchant services, which usually includes a revenue share or a “rebate.”
In addition, companies are limited by the technology with which their ERP is certified. Couple that with a large percent of processors who have an integrated solution, which also encompasses a greed factor in their pricing model.
Our company has been conducting a case study for more than two years on a particular processor that has an integrated solution for Epicor users. I mention this because a lot of IMARK members utilize one of these ERPs and if you have integrated payments with the “preferred” vendor, it could be costing your company tens of thousands of dollars more annually than it should.
MISTAKE #6: Victim of a Brute Force Attack (aka Carding)
A brute force attack (carding) is a type of fraud in which a thief steals credit card numbers, makes sure they work and then uses them to buy prepaid gift cards. The fraudster may sell the prepaid cards or use them to purchase other goods which, in turn, can be resold for cash.
Unfortunately, it can cost merchants thousands of dollars in transaction fees in a matter of seconds when they are the victims of these attacks.
The good news is there are simple steps merchants can take to protect themselves from this type of event:
- Multifactor authentication: This method adds steps to the login process beyond entering a username and password.
- ReCaptcha: This is a type of challenge-response test that helps your online business verify that a consumer is a human shopper.
- Address verification system: This system is used to identify the credit card holder’s original address with the billing address provided by the user during the online transaction
- Card certification value (CVV): Cardholders may have to enter their card’s CVV at checkout. This is typically a three-digit or four-digit code, usually listed on the back of the card.
- Velocity checks: This is the number or speed at which transactions are given time. Note, this metric cab be used to help to identify irregular patterns in your checkout process that might indicate fraud. With the CardPointe Hosted Payments Page, you can set the limits for your velocity thresholds, including velocity attacks
- Authorization/capture: Using this method, you would verify that the consumer’s card can be charged but hold off on collecting the funds from the card issuer.
Although this may all seem like a lot to digest, the good news is a simple audit of your account every six months (by someone other than your current processor) is critical to ensure you are being treated fairly and are avoiding some of these “mistakes.”
The questions that need to be addressed during these audits include:
- Is your company processing in the most optimum environment?
- Are you maximizing your margins on the interchange portion of your bill?
- Are you PCI compliant?
If you can check all those boxes, then you are putting your company in the best possible position to stay ahead of the ever-rising costs to process credit cards.
Additional Tips to Avoid Carding
How you and your consumers can personally defend yourselves against carding:
Use anti-spyware and malware-blocker software: This will help keep your devices safe by identifying infected software programs and removing them.
Promptly run software updates: This will improve the performance and security of payment devices. Only downloaded software from well-known trusted sources.
Know the signs of a phishing attempt: When you receive a message from an unknown source, don’t click on links, download attachments or respond.