Welcome to The Credit Card Coach

Being able to accept credit cards for payment provides many benefits for business owners including:

  • Allowing consumers to make impulse buys
  • Encouraging larger ticket purchases since they can pay later
  • Additional sales added to their purchase
  • Eliminating collections by collecting at the point of sale which provides improved cash flow and eliminates write offs of bad debt

Having a merchant account can be beneficial for businesses, but you need to understand what is involved. Today’s environment requires diligence on the part of the business. This includes taking preventative steps to reduce the problems of chargebacks and data loss. If you don’t proactively take the necessary steps, you can negatively impact your business. Everyone is aware of hackers and credit card fraud, but no one believes it will happen to them. According to some reports, 95% of the credit card breaches reported by Visa are occurring to their small business customers. Small businesses are those with 100 or fewer employees. These losses run between $25,000 and $50,000 in various reports. Can you afford that kind of loss? Make sure you get a complete package.


Check card vs. Debit Card – Does It Matter?

Almost everyone who has a checking account has a card that can be used either as a debit card, where you use your PIN (Personal Identification Number), or as a Visa or MasterCard. Which one should you choose? Does it make any difference?

PIN based debit is the only option if you want cash. Any ATM and some retailers allow you to withdraw cash. The amount of cash is much lower at a retailer – typically $50 or less – but most ATMs will allow you to withdraw $300 to $500 per day.

However, when you are shopping there is a choice at many retailers, so which should you choose? If you are the consumer you may be better off using your card as a credit card. The money still comes out of your account immediately but you have the purchase protection of the card service. (Visa and MasterCard both offer buyer protection.) If you make a purchase using your debit card, it is much more difficult to get a refund, whereas with the card services you have the ability to “chargeback” the purchase. Now you can’t just chargeback a purchase because you changed your mind, but if the product was misrepresented or defective you have a very good chance of getting your money back.

Now if you are the merchant, the answer depends on the value of the transaction. Large dollar purchases are better for the merchant if the consumer uses their PIN based debit. The merchant will pay a much smaller processing fee for that transaction. The recent implementation of the Durbin act confuses many as to what the costs are, so let me demonstrate.

A consumer makes a purchase using their check card and does not use the PIN. This consumer has the protection, so what does it cost the retailer? For this example we will assume a $38.00 purchase price. If the checking account is at a small regional bank whose assets are less than $10 billion, the cost to the retailer would be $0.56 (0.95% of $38.00 plus $0.20) for a Visa, whereas if the card was issued by a large bank with more than $10 billion in assets, the cost of the transaction would be $0.24 ($0.22 plus 0.05% of $38.00) at wholesale.

If the debit card is used with the PIN, then the fees in this example would be more like $0.46 (0.85% + $0.13). Consumers do not tend to use debit with high dollar purchases as they often want to accumulate points on a reward type card. PIN debit purchases tend to be associated with poor credit or very small purchases and also vary by region. Some banks charge consumers fees to use the card with their PIN, which discourages its use, whereas if they use the same card without a PIN, there is no fee. The merchant has to buy an additional piece of equipment or pay for the encryption of the banking information for PIN based debit to work, which makes it less appealing, and the consumer has to be face to face.

The large banks are losing a lot of their profits by the changes in the law with this amendment so they are considering putting restrictions on the use of the debit cards by having maximums.  Some are considering limiting the purchase to $50 or $100 and they are pushing hard to get consumers to use credit cards where they still collect larger fees for processing.

My personal recommendation is to use a credit card and skip the check card altogether. My concern is the problems when the card is compromised. The large banks will typically refund any fraudulent withdrawals within 24 hours, giving you your spending power back, but that can range all the way to two weeks with some banks. During those two weeks you have to come up with the funds to cover any outstanding checks or automatic payments you have set up. You may be able to get the fees refunded, but your creditors won’t necessarily let you off the fees they charge when a deposit is rejected. I just don’t want to worry about it, and I don’t have to simply by using my credit card.


Credit card compliance and why it matters to you

Nearly everyone is aware of credit card fraud – it’s in the news on a daily basis. Crooks are becoming more and more savvy about how they are collecting credit card data. According to the new study released by Verizon Business, 96% of the victims of these attacks were subject to PCI DSS but had not achieved compliance. 97% of those breaches were avoidable through simple or intermediate controls. 79% of victims were targets of opportunity. Many businesses are aware of the requirements by the card associations; however, many don’t understand the importance of taking all possible steps. Taking the steps required by the credit card associations can save you a little money right away and help protect you from spending big money if credit card information is stolen from your business.

In today’s environment some reports claim as much as 80% of the credit card data that is stolen is taken from businesses. Because of this, the card associations created these requirements. Often I hear small businesses tell me that they are too small and the rules don’t apply to them – which is incorrect. Any business which accepts payment by credit card is required to be PCI DSS (Payment Card Industry’s Data Security Standards) compliant.

So what does this mean? It varies depending on how you collect and transmit the data to your processor as well as the amount you process. Every business needs to have policies about how the data is handled to limit your clients’ credit card information exposure. You want to determine who handles the data, how they store it, and where. Do they keep it on their desk in a pile for input later? That could cost you thousands. You need to determine who is responsible for the different areas and, if one employee thinks that another employee is doing something incorrectly or suspicious, to whom they report it.

Do you collect data offsite? If so then what steps are you taking to maintain the storage and safe keeping of that information? Do you realize the large risk to your company? It may seem like only a few hundred or few thousand in receipts but the cost of a data loss grows quickly. There are fines which vary according to whether you are actually compliant. You are always responsible for the cost of the data breach which includes the letters to cardholders, reissuance of cards and any fraudulent transactions.

If the card associations even suspect that your business has lost credit card data, they send a forensic team to your business. They will review all the requirements. Some of the things they look for are:
•    Are you using software to process your payments or do your clients pay on your website?  If so, are you using an approved vendor to vulnerability test the system?
•    Do you store any data?  Is it encrypted or are you using tokens?
•    Do you have up to date firewalls and have you changed all the administrative passwords for all of your software systems?

Don’t laugh: people often leave the administrative passwords in place so they can always recover them, but the crooks know the passwords too.

Failure in any area means you are not compliant and then there are additional fees for non-compliance.  Of course you are responsible for the cost of the forensic team which is easily a few thousand.

Another reason it is so important for you to be compliant and take all the required steps to reduce the risks of a data loss is the effect on your customers.  Several studies have shown that 40% or more of your customers will take their business elsewhere if you lose their data.  So in addition to the high monetary cost – which ranged from $35,000 to $50,000 in 2010 for small business, you lose revenue from lost customers.  For 50% of those small businesses with losses in 2010 it meant bankruptcy.

Most processors offer a solution for their clients – often with some sort of protection.  Usually businesses can get financial coverage to help mitigate the cost of a data loss.  This coverage typically ranges from $50,000 to $100,000, however this coverage usually requires the business to be compliant or the financial coverage program won’t reimburse you for any of the costs.  These programs usually cost around $100 to $200 a year for smaller businesses and the cost grows when you need more aggressive testing and have more requirements from the card associations.  Don’t think it won’t happen to you as every type of business has been affected by a data loss.  Some types of businesses are targeted much more than others with restaurants being a good example.

For more information or questions please contact us at natalie@thecreditcardcoach.com
