Archive for the ‘security’ Category

Banks discouraging PIN-based debit hurts merchants

Wednesday, November 5th, 2008

Where does all the money go for your credit card processing costs?

We’ve answered this before. Most of it goes to the banks. In a few moments, you’ll read about their blatant promotions to make more money at your expense.

If you process a transaction at the best interchange qualification, they make a little money. If you process a transaction that downgrades to a higher interchange qualification, they make more money. In fact, the worse you qualify, the more money they make.

This is a key reason why banks may not be the best choice for your credit card processing. With their inherent conflict of interest, do you trust your bank to help you hit the best interchange? You can influence your interchange qualification, but it’s complicated. It’s more than what customers can do; it’s up to professionals like us not only to spot problem areas, but also to take the corrective actions that fix the underlying causes, either behind the scenes, through programming changes, or by contacting you and providing tips for staff.

Today I received a direct mail piece from a bank. The promotion rewards me for SIGNATURE BASED gold debit MasterCard purchases. PIN-based debit transactions are ineligible. That’s right. The bank is strongly encouraging consumers not to enter their PIN number. They make lots of money that way.

How can you combat this kind of promotion and encourage PIN-based debit?
1. Do you have a PIN pad? Consumer-oriented businesses processing $1M annually will almost always benefit. Call us for a free analysis.
2. Are you processing $1,000,000+ per MONTH (all card type transactions)? Please call me regarding new technology that will dramatically lower your debit processing costs.

Storage of Credit Card Details

Tuesday, August 19th, 2008

How secure is the credit card data you collect?

In the home repair industry, including alarm systems, air conditioning repair, garage door repairs, etc., credit card acceptance has increased dramatically. But how secure is the data collected?

The most common scenario is for the work order to be written up, and the credit card information to then be added to the work order. Sometimes the work order is a carbonless form. The credit card information is then on the customer copy and the merchant copy.

The repairman puts the form in the truck and goes to the next stop. Is the truck locked at ALL TIMES? Or does the driver keep all forms with him in a notebook on each call? If the forms are taken on each call, how secure is the information while in the home or business during the repair? Are all forms returned to the home office daily? If not, where are the forms kept until the originals are returned?

The second part of this common scenario is where the data resides: on the work order form. Where are the work orders filed? Who has access?

Creating a policy for Storage of Credit Card Details both on and off your premises is an essential element of PCI Compliance. Your company should have a clear written policy, and all employees with access to sensitive information should have received the written policy and been trained on it.

Recommendations:
1. Physical cardholder details must be locked in a secure area, with access limited to only those individuals who require that data. In addition, access to data should be restricted on a “need to know” basis. If sales orders are kept in an open filing area, then the credit card data collected should not be on the same form.
2. The credit card number should be redacted to include no more than the last four digits. In addition, any Sensitive Cardholder Data should be masked. CVV and PIN data may not be stored.
3. Stored credit card information is to be retained according to data retention policy and only so long as there is a business, legal and/or regulatory purpose.
4. Procedures to follow for masking credit card information when no longer required:
* Black out the credit card number, except the last four digits if needed, and any Sensitive Cardholder Data, and then photocopy the document.
* Cross-cut shred the original immediately.
* Retain, if necessary, the copy of the document with unreadable credit card information.
* If the document design allows, credit card information should be detached from the form. Immediately cross-cut shred the detached credit card information and retain the remaining portion.
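
Recommendation 2 applied to the electronic copy of a work order, as an added example that is not part of the original post. It goes beyond the paper forms discussed here to records typed into a job system: any Luhn-valid card number is masked to its last four digits, and CVV and PIN fields are dropped. The field names and the sample record are assumptions constructed for illustration.

```python
import re

# Field names are hypothetical; adapt them to your own work-order records.
FORBIDDEN_FIELDS = {"cvv", "pin"}  # may not be stored at all
PAN_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so order or phone numbers are not masked by mistake."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def mask_pan(text: str) -> str:
    """Replace every Luhn-valid card number in free text with its last four digits."""
    def repl(match):
        digits = re.sub(r"\D", "", match.group())
        if not luhn_ok(digits):
            return match.group()
        return "*" * (len(digits) - 4) + digits[-4:]
    return PAN_CANDIDATE.sub(repl, text)


def redact_work_order(order: dict) -> dict:
    """Return a copy that is safe to file: no CVV/PIN fields, card numbers masked."""
    clean = {}
    for key, value in order.items():
        if key.lower() in FORBIDDEN_FIELDS:
            continue
        clean[key] = mask_pan(value) if isinstance(value, str) else value
    return clean


# Constructed sample record; 4111 1111 1111 1111 is a widely used test card number.
SAMPLE = {
    "job": "Garage door spring replacement",
    "card_number": "4111 1111 1111 1111",
    "cvv": "123",
    "notes": "Work order 5551234567890, paid by card 4111-1111-1111-1111",
}

if __name__ == "__main__":
    print(redact_work_order(SAMPLE))
```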

Credit card fraud rising: protect your business

Wednesday, May 21st, 2008

We’re hearing about credit card fraud increasing everywhere, especially restaurants, auto repair, auto dealers, and wholesale distributors.

What can your business do to protect itself from getting burned by credit card fraud?

Make sure your POS system or terminal is programmed correctly for prompts and that clerks know how to process correctly.

* SWIPED transactions: the clerk must manually re-enter the last 4 digits of the credit card number.
* MOTO (mail order/telephone order): address verification system (also called AVS). AVS compares the numeric portion of the street address and the zip code.
* ORBITAL and other proprietary virtual terminal systems: full address match.

What happens if you do not perform these minimums? If there is fraud, your business is out the money.
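
The swiped and MOTO checks above written out as code, added here as an example and not taken from any POS system or processor. The function names, result labels and sample address are constructed, and treating the first run of digits as the "numeric portion" of the street address is an assumption.

```python
import re


def last_four_matches(swiped_pan: str, keyed_last4: str) -> bool:
    """Swiped sale: the number read from the stripe must end with the four
    digits the clerk keys in from the face of the card."""
    digits = re.sub(r"\D", "", swiped_pan)
    return (len(keyed_last4) == 4 and keyed_last4.isdigit()
            and len(digits) >= 13 and digits.endswith(keyed_last4))


def street_number(address: str) -> str:
    """Numeric portion of the street address. Assumption: the first run of
    digits is the part compared; processors may extract it differently."""
    m = re.search(r"\d+", address)
    return m.group() if m else ""


def zip5(zip_code: str) -> str:
    """First five digits, so ZIP and ZIP+4 compare equal."""
    return re.sub(r"\D", "", zip_code)[:5]


def avs_check(given_addr: str, given_zip: str,
              on_file_addr: str, on_file_zip: str) -> str:
    """Compare only the numbers. The result labels are this example's own,
    not processor response codes."""
    number = street_number(given_addr)
    addr_ok = number != "" and number == street_number(on_file_addr)
    zip_given = zip5(given_zip)
    zip_ok = len(zip_given) == 5 and zip_given == zip5(on_file_zip)
    if addr_ok and zip_ok:
        return "full_match"
    if addr_ok:
        return "address_only"
    if zip_ok:
        return "zip_only"
    return "no_match"


# Constructed sample data: a test card number and a made-up billing address.
ON_FILE = ("123 Main St.", "30301")

if __name__ == "__main__":
    print(last_four_matches("4111111111111111", "1111"))
    print(avs_check("123 Main Street", "30301-1234", *ON_FILE))
    print(avs_check("125 Main Street", "30301", *ON_FILE))
```

Because only the numbers are compared, "123 Main Street" and "123 Main St." match; spelling differences in the street name have no effect on the result.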