About Christine Speedy

B2B cloud payment acceptance solutions and CenPOS enterprise cloud payment solutions global sales.

B2B credit card processing FREE analysis

Are increasing merchant services credit card fees annoying you?

While technology can optimize fee management, there are multiple reasons new fees or rising fees may occur. Use the information for a quick self-assessment and determine whether it’s worthwhile to engage with a 3D Merchant Services payments professional for further review. This method is easier than my B2B credit card processing fact check, while still revealing problems that must be resolved.  As a processor neutral payments expert, Christine Speedy offers a unique perspective.

The areas needing most attention are rate qualification and other fees.

Here’s a shortcut to determine if you have authorization problems, which directly impact credit card processing transaction fees. Why is this important? Because unless you fix the underlying problem, switching merchant accounts will only provide partial relief from escalating transaction fees like non-. If you have any of these items below on your merchant statement, there’s a problem that is causing unnecessary extra costs.

  • Mastercard Transaction Processing Excellence Fee – Nominal Authorizations
  • Misuse
  • Integrity
  • Compliance or Non-compliance
  • Standard / STD (any)
  • EIRF
  • Data rate I
  • Data Rate II or Data Rate 2
  • Chargeback: FRAUD TRANS-NO CARDHOLDR AUTH
  • Chargeback reason: Compliance
  • Non-Qualified, NQ

Hint: If you open your merchant statement in Adobe Acrobat, in OSX with command F you can copy and paste the terms above. It’s not foolproof due to varying abbreviations, but you only need to have one of the bad items to know there’s a problem.

For card not present business to business, these are two credit card processing interchange types you should see; many often don’t and that is also a problems resulting in higher costs.

  • Full UCAF
  • Data Rate III, Commercial Level III

I don’t know why, but I get calls from other salespeople in the industry looking for solutions to help customers qualify for Data Rate II. Why wouldn’t you want the customer to qualify at Data Rate III? Makes no sense.

I also hear from merchants how they were told that the new solution would fix their level 3 data problems, but it didn’t. If you do preauthorizations, and the solution doesn’t automatically get new authorizations and manage reversals it’s not going to fix authorization problems. Always ask, “how will the payment gateway manage authorization reversals if we don’t settle for the original preauthorization amount’? That’s one of several critical key questions. If they don’t know the answer instantly, move on.

Due to constant changes in card network rules and data security compliance rules, a review by a neutral payments expert is essential. Did you have any red items? It’s time for a deeper dive into why.  Your FREE report will identify issues impacting profits and security, include action items how to fix them, and rarely requires changing financial partners.

credit card transaction fee checkup form

Call Christine Speedy, to reduce merchant fees with new or existing merchant account at 954-942-0483, 9-5 ET. With Christine as your account manager you’re assured a unique experience to maximize profits and security without business disruption.

3D Merchant Services is now WBE and WOSB certified and is rebranding to Greater Good Tech.

Xfinity Data Breach 2023- Take action now

The Comcast Cable Communications, doing business as Xfinity, data breach announced this week impacts over 36 million, that may include both current and former customers. As a society, we may becoming numb to responding due to the sheer number of incidents, but in this case, if you’ve ever used Comcast, take action now.

What Happened? On October 10, 2023, one of Xfinity’s software providers, Citrix, announced a vulnerability in one of its products used by Xfinity and thousands of other companies worldwide. At the time Citrix made this announcement, it released a patch to fix the vulnerability. Citrix issued additional mitigation guidance on October 23, 2023. We promptly patched and mitigated our systems.

However, we subsequently discovered that prior to mitigation, between October 16 and October 19, 2023, there was unauthorized access to some of our internal systems that we concluded was a result of this vulnerability. We notified federal law enforcement and conducted an investigation into the nature and scope of the incident. On November 16, 2023, it was determined that information was likely acquired.”

What Information Was Involved? On December 6, 2023, we concluded that the information included usernames and hashed passwords. For some customers, other information was also included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, our data analysis is continuing, and we will provide additional notices as appropriate.”

I’m a customer, why am I just hearing about this now?

Xfinity put out a press release on Monday December 18, 2023, which was picked up by the all the major news networks. Email notifications were not sent to all Xfinity customers, but if a customer attempts to login to their account, a password change is automatically prompted for.

Xfinity falls short on privacy and account modifications.

It’s clear that the web site has a new look and feel, maybe in part due to responding to the data breach. After changing password, with required authentication steps, users cannot update their privacy setting without providing a mobile number.

What action should you take?

  1. Change password login. Only use strong passwords with at least 16 characters, and don’t use the password for any other web site. If you’re not using a password management system, get one now.
  2. Change secret questions and answers. Don’t use questions where answers are easily obtained through social media or past web site uses. Due to prior internet data breaches, criminals have vast amounts of information on everyone; software makes it easy to compile data from multiple sources and create automated attacks.
  3. If Xfinity secret questions and answers are used anywhere else, including the credit reporting agencies like Experian, change them. If in doubt, update all financial institution and phone service secret questions immediately, due to potential harmful impact if those were compromised.
  4. The data breach was in October and consumers are finding out about it in December. If you don’t normally review your financial transactions, look closely. Also, check your credit report activity. https://www.annualcreditreport.com/index.action
  5. Review privacy settings may not be what they were prior to recent web updates.

Comcast has a history of using social security numbers to open accounts that goes back decades. In response to data breaches, US government regulations have been modified and expanded over the years to reduce risk of consumer data being exposed by limiting when social security numbers may be required to mostly financial and government institutions. Cable, phone and healthcare companies still routinely require them in order to receive services. Consumers can refuse to provide one, but might be denied the service.

Xfinity no longer requires social security numbers, but they can be used as a secondary form of identification. Even “an expired photo driver’s license which is not more than five years old from the expiration date” qualifies as acceptable. At what point should an ID be removed from systems to protect consumer data? After a customer has satisfactorily paid their bill for a year? Or 5, which is the basic lifespan of secure computers? If the hashed 4 digit social security number, or any other ID, truly has no value, then why not delete it after a designated period of time?

Resources:

Credit card surcharge rules and laws 2023

Looking for a credit card surcharging solution to offset expenses? The rules vary across multiple card brands and terms of acceptance. Here’s an updated review of who can surcharge, what card types, and checklist of how to roll out credit card surcharge at your company. The answers are targeted for business to business merchants, my area of expertise. Historically if a merchant complies with Visa surcharge rules, they’d be compliant with other brands, so we often cite that as the standard.

What is a credit card surcharge?

Surcharge is any fee charged by a merchant for the use of a card.

What’s the difference between a surcharge and convenience fee? Convenience fees can only be charged for a bona fide convenience in the form of an alternative payment channel outside the Merchant’s customary payment channels and not charged solely for the acceptance of a Card. If a merchant only accepts credit cards, it’s prohibited. If a merchant is 100% card absent, merchant cannot charge a convenience fee.

Card brands agree on this for surcharging:

  1. Merchant Discount Rate is the fee, expressed as a percentage of the total transaction amount that a Merchant pays to its Acquirer or Service Provider for transacting on a Credit Card brand. In short, it’s typically all the fees on your merchant statement EXCEPT PCI compliance, terminal rental fees or any other special fee that is not paid via the mechanism of the per-transaction merchant discount fee. Per Visa, merchants must “Limit the amount to your merchant discount rate (MDR) for the applicable credit card or 3% whichever is lowest.” This is the reason merchants can get in trouble if their surcharge solution provider charges a flat amount for every card type.
  2. The Surcharge amount must be submitted separately (in the defined surcharge field) from the Transaction amount in the authorization and clearing message.
  3. The receipt must list the surcharge amount separately.
  4. If the original transaction has a partial or full refund, the surcharge amount must all be refunded proportionally.
  5. Surcharge on debit or prepaid cards is prohibited for all merchants.To ensure compliance use a payment gateway that can identify the card brand and type of card to allow surcharges only on eligible cards.
  6. The fee must be relative to their average cost of card acceptance.

How much can a merchant surcharge?

In short, surcharging is allowed to cover costs, not to make a profit. Let’s face it, based on the rules above, to simplify implementation, merchants will surcharge at the brand level because they lack the technology to discern between product types on a per transaction basis. Taking all that into account what can you surcharge?

  • Cannot exceed Maximum Surcharge Cap, which for Visa is currently 3%, effective April 15, 2023, and MasterCard remains at 4%.

Just because somebody offers it doesn’t make it right. Some companies are offering “free merchant accounts” by offsetting fees with surcharge of 3.5% or even 4%, both exceeding current rules. The average B2B company has much lower than 3.5% effective rate so that was always a violation of card acceptance rules, subject to penalty. The companies offering these services are making big money on the spread of actual fees vs what customers are paying. Again, these are card brand rules violations.

Surcharge checklist:

  1. Notify card brands (Visa etc) in writing at least 30 calendar days before assessing a US Credit Card Surcharge; must state whether will surcharge at the brand level or product level.
    1. https://www.visa.com/merchantsurcharging
    2. http://www.mastercard.us/merchants/support/surcharge-disclosure.html
    1. https://www.discoversurcharge.com
    2. Amex- none required
  2. For card not present orders, disclose verbally if telephone; for online orders minimum 10-point Arial font, but in any case no smaller or less prominent than surrounding text.
  3. Receipt must be delivered with the surcharge as a separate line item.
  4. The surcharge amount must be sent with the transaction for authorization.

 Which states prohibit merchants surcharging?

Per Visa, as of April 15, 2023, they are “Connecticut, Maine, Massachusetts, and Oklahoma. Note also that Merchants located in Colorado may not surcharge more than 2% as per State law.” However, due to federal and other court rulings, multiple states have backed away from the bans. The legislative intent in many of these states was to protect consumers, and not to restrict B2B surcharging, therefore, B2B companies may have exceptions.

What’s the penalty for non-compliance with surcharge rules? Acquirers face fines. Acquirers of any merchant identified as surcharging improperly may be assessed an immediate US $1,000 fine. This is just the beginning and is not all-inclusive. Visa is proactively enforcing surcharge rules from April 15, 2023.

  1. In 2015, the 11th U.S. Circuit Court of Appeals, a federal court, overturned Florida state law as being unconstitutional, allowing surcharges to legally continue in Florida and nine other states that had enacted bans against them. The case was a highly contentious 2-1 decision in which the court’s chief judge said the state surcharge bans (like Florida’s) were “being struck down by a federal court for no good reason.”
  2. In December 2019, Oklahoma attorney general official opinion declaring the state’s no-surcharging law unconstitutionally restricts free speech. 

Surcharge Laws Stories:

  • 2/2023 NJ Businesses Fined For Credit Card Surcharge Without Proper Notice https://lakewoodalerts.com/cracking-down-businesses-fined-for-credit-card-surcharge-without-proper-notice/
  • Texas Updated 2020 – https://faq.sll.texas.gov/questions/9631Senate Bill 560, which went into effect on September 1st, 2017, changed the laws relating to credit card surcharges. Previously, the Office of Consumer Credit Commissioner (OCCC) enforced the law on credit card surcharges, but that is no longer the case.
  • Florida update https://www.epgdlaw.com/are-credit-card-surcharges-legal-in-florida/
  • California update
    https://oag.ca.gov/consumers/general/credit-card-surcharges
  • January 10, 2019 NY Update
    https://www.natlawreview.com/article/parties-case-challenging-constitutionality-ny-no-credit-card-surcharge-law-jointly
  • NY Court of Appeals issues interpretation of no surcharge law  https://www.consumerfinancemonitor.com/2018/10/26/ny-court-of-appeals-issues-interpretation-of-ny-no-credit-card-surcharge-law/
  • 2018 Florida https://www.nbc-2.com/story/40273084/you-can-legally-be-charged-extra-for-using-a-credit-card
  • 2018 case in California http://delfinomadden.com/credit-card-surcharge-ban/
  • 2017 US Supreme Court & NY https://www.usatoday.com/story/news/politics/2017/01/10/supreme-court-new-york-credit-card-surcharge-price-speech/96391718/
  • http://fortune.com/2017/03/29/credit-card-charges-supreme-court-freedom-speech/
  • http://www.orlandosentinel.com/business/consumer/os-nsf-florida-credit-card-surcharges-20160706-story.html
  • https://www.ncsl.org/research/financial-services-and-commerce/credit-or-debit-card-surcharges-statutes.aspx

State statutes on surcharge laws

  • https://portal.ct.gov/DCP/Legal/Credit-Card-Surcharge
  • https://malegislature.gov/Laws/GeneralLaws/PartI/TitleXX/Chapter140d/Section28a Massachusetts statutes.

For more information, see Surcharge law resources under Merchant Alerts & Rules Links or contact your acquirer for accurate and current information specific to your situation. Neither Christine Speedy nor this web site provide legal advice. Consult an attorney for all your legal questions.

Does your company want to surcharge? Call Christine Speedy right now at 954-942-0483, 9-5 ET for a compliant solution. Please share your surcharge insights for others and ask any questions below. The information herein is based upon public information available at the time written and may change.

3D Merchant Services is rebranding as Greater Good Tech.

2023 Merchant Credit Card Data Breach List

The 2023 credit card data breach was updated March 2023, and is not all inclusive. Is your business safe from a credit card data breach? The list below highlights some credit card data breaches and the primary cause at the time the data breach was announced. While malware reigns as a top cause of payment data breaches, employee theft is still a problem too. To make the list, typically companies are only listed if full card data is stolen.

Restaurants

January 2020 Chick-fil-A says less than 2% of customers affected by breach via website and mobile application between December 18, 2022 and February 12, 2023 using login credentials obtained from a third-party source. Name, email address, Chick-fil-A One membership number and mobile pay number, QR code, masked credit/debit card number, and the amount of Chick-fil-A credit (e.g., e-gift card balance) on your account (if any). In addition, if saved to your account, the information may have included the month and day of your birthday, phone number, and address. Importantly, unauthorized parties would only have been able to view the last four digits of your payment card number.

Retail & Ecommerce

January 2023: JD Sports– online store November 2018 and October 2020, announced January 2023. Among other shopper data for 10 million customers was the last four digits of card numbers. JD Sports is based in the UK and can expect fines up to the higher maximum permitted under Part 6 of the Data Protection Act 2018, so potentially £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher.

Technology

January 18, 2023: Paypal, about 35,000 customers exposed information included names, addresses, Social Security numbers, individual tax identification numbers, and dates of birth. Unauthorized access by credential stuffing.

Don’t be the next credit card data breach victim!

Christine Speedy is Qualified Integrator and Reseller certified by the Payment Card Industry Security Standards Council. QIRs are integrators and resellers specially trained by PCI Security Standards Council to address critical security controls while installing merchant payment systems. QIRs reduce merchant risk and mitigate the most common causes of payment data breaches by focusing on critical security controls. Call Christine for technology, merchant services and check processing needs.

Microsoft Dynamics 365 Embedded Payments Solution Featured in Digital Transactions magazine

Embedded payments are exploding and U.S. Bank has embedded payment solutions within Microsoft Dynamics 365. “The Rise of Embedded Payments“, in DIGITAL TRANSACTIONS January 2023 issue, highlights U.S. Bank’s embedded payments solutions and benefits for both sellers and buyers. The U.S. Bank AP Optimizer® was announced last year. Additionally, Elavon Inc.’s payment gateway provides a secure and end-to-end accounts receivable payment solution for Dynamics 365 Finance. Elavon, a wholly owned subsidiary of U.S. Bank, has been a global leader in payment processing for more than 30 years.

Looking for Microsoft D365 secure payment processing solutions? Call Christine Speedy, 3D Merchant services founder, for simple solutions to B2B transaction problems. 954-942-0483, 9-5 ET.