WASHINGTON, DC  Senator John D. (Jay) Rockefeller IV, Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation, today introduced legislation, the Restore Online Shoppers Confidence Act, to end the deceptive online sales tactics which have been the subject of a year-long Commerce Committee investigation.

Chairman Rockefeller’s bill comes on the heels of a new Commerce Committee staff report the second of two reports which shows how Affinion, Vertrue, and Webloyalty  the companies that used aggressive sales tactics to enroll online consumers in services without their consent developed policies designed to prevent online consumers from getting their money back when they called to question the mystery charges on their credit and debit cards.

Tricking consumers into buying goods and services they do not want is completely unacceptable. It’s not ethical, it’s not right, and it is not the way business should be done in America. Our investigation uncovered these misleading practices and, as a result, these companies have been forced to change their ways. That’s good for the millions of Americans who shop online, and it’s the kind of work I will continue to do as Chairman of the Commerce Committee. The bill I’m introducing today will ban these deceptive online sales practices once and for all,” Chairman Rockefeller said.

The first staff report, released in November 2009, revealed how Affinion, Vertue, and Webloyalty used a set of online sales tactics to charge millions of consumers for membership clubs and services the consumers did not want and were unaware they had purchased. The report found that these companies bilked millions of Americans out of more than one billion dollars by partnering with hundreds of legitimate websites that were willing to share their customers billing information, including credit and debit card numbers, for financial gain. More information can be found here.

The new Commerce Committee staff report shows what happened when consumers called Affinion, Vertrue, and Webloyalty to get their money back for the services they were unknowingly charged for. Findings of the new report include:

• Refund Mitigation: In a practice known as refund mitigation, the three companies created scripts and policies intended to minimize the amount of money they would have to return to consumers who had inadvertently enrolled in the clubs. For consumers who insisted on refunds, the companies employed a variety of tactics to keep the refund amounts as small as possible, including requiring customers to obtain refunds by completing written affidavits.

• Magic Words: Each company instructed their call center representatives not to issue refunds to consumers, unless the consumers mentioned certain key words like attorney general, Better Business Bureau, or bank representative. These policies were designed to satisfy those consumers who were most likely to create additional customer noise problems and reputational damage for the companies. Consumers who did not mention the magic words did not receive full refunds.

• Multiple Memberships: Because they could encounter the aggressive sales tactics of Affinion, Vertrue, and Webloyalty while shopping on hundreds of different websites, online shoppers were frequently enrolled inadvertently in multiple membership clubs offered by the same company. Consequently, many customers who called Affinion, Vertrue, and Webloyalty to cancel one membership and request a refund were actually enrolled in more than one of the companies clubs. Webloyalty and Vertrue trained their agents not to inform consumers about these additional memberships.

• Failure to Follow Credit Card Rules: Affinion, Vertrue, and Webloyalty violated MasterCard and Visa’s rules for credit card and debit card transactions and American Express placed the companies in monitoring programs for merchants with high rates of disputed charges from cardholders (known as chargebacks). Between 2006 and 2008, the three largest credit card companies processed 1.4 million chargeback requests and over 10 million refunds, totaling hundreds of millions of dollars, from cardholders disputing charges from Affinion, Vertrue, and Webloyalty. Despite these rule violations and the high volume of consumer complaints, the three companies enjoyed uninterrupted access to the payment systems operated by Visa, MasterCard, and American Express until late 2009. Once Chairman Rockefeller notified the credit card companies of the aggressive online sales tactics in December 2009, the companies quickly took action to ensure that Affinion, Vertrue, Webloyalty, and their e-commerce partners were in compliance with their rules for merchants and that their cardholders were no longer subject to the misleading data pass process.

Chairman Rockefeller’s bill will help put an end to the deceptive online sales tactics uncovered by the Commerce Committee’s landmark E-commerce investigation. The bill is sponsored by Senators Mark Pryor (D-Ark.), Bill Nelson (D-Fla.), Amy Klobuchar (D-Minn.), Claire McCaskill (D-Mo.) and George LeMieux (R-Fla.). Chairman Rockefeller’s bill will protect online shoppers by:

• Prohibiting companies like Affinion, Vertrue, and Webloyalty from using misleading post-transaction advertisements by requiring them to clearly disclose the terms of the offers to consumers, and to obtain consumers billing information, including full credit or debit card numbers, directly from the consumers.

• Prohibiting Internet retailers and other commercial websites (“initial merchants) from transferring a consumer’s billing information, including credit and debit card numbers, to post-transaction third party sellers, like Affinion, Vertrue, and Webloyalty.

• Requiring companies that use negative options on the Internet to meet certain minimum disclosure and enrollment requirements, so consumers will not end up paying recurring fees for goods and services they did not intend to purchase.

###

DALLAS and BOISE, Idaho (March 15, 2010) — Chase Paymentech, a leading merchant acquirer and payment processor, and Kount, a Boise, Idaho-based company that specializes in card-not-present (CNP) fraud prevention, today announced an agreement to offer a comprehensive suite of fraud detection, management and prevention tools for merchants.

Chase Paymentech processes a significant share of global CNP payments, in a wide variety of payment methods, and authorizes transactions in more than 130 currencies. Its expertise and fault tolerant infrastructure, paired with Kount’s advanced fraud prevention technology, will introduce a new class of fraud management tools that will significantly improve the reliability and security of card-not-present transactions.

The ability to provide merchants with a real-time fraud score at the time of bank authorization will deliver unparalleled value. This benefit coupled with dynamic order linking, device fingerprinting, proxy piercing and other Kount capabilities will allow merchants to accurately detect and reject a significantly higher percentage of fraudulent orders, saving merchants costly chargeback fees and fines associated with fraud.

“This alliance underscores our commitment to provide merchants with the tools they need to significantly improve and sustain financial performance. Our partnership with Kount offers merchants the first truly integrated fraud-monitoring tool at the point of transaction authorization. This is a significant step toward a global effort to reduce CNP fraud,” said Chase Paymentech president Mike Duffy.

“The result of our partnership with Chase Paymentech will be a new class of tools and utilities for controlling card-not-present fraud,” said Kount CEO Brad Wiskirchen. “The comprehensive suite of products will give merchants a new level of certainty that current and future forms of fraud can be controlled.”

About Chase Paymentech
Chase Paymentech, a subsidiary of JPMorgan Chase (JPMC), is a global leader in payment processing and merchant acquiring, capable of authorizing transactions in more than 130 currencies. The company’s proprietary platforms provide access to a wide variety of payment methods, such as credit cards, debit cards, prepaid stored value cards and electronic check processing. In 2009, Chase Paymentech processed more than 18 billion transactions with a value exceeding $409.7 billion, including an estimated half of all global Internet transactions. The company also provides a full set of solutions aimed at accelerating cash flow and managing transaction data. On the Internet or at the point of sale, Chase Paymentech’s unique combination of outstanding service, innovative solutions and financial strength offers solid benefits to companies both large and small. More information can be found at http://www.chasepaymentech.com.

Contact: Mia Shernoff
mia.shernoff@chasepaymentech.com
1.646-460-4069

About Kount

Kount® is the most advanced fraud-fighting technology available today. Developed with online and catalog merchant needs in mind, Kount defends against both traditional and emerging fraud threats. Kount defeats botnets and other organized crime using a formidable array of tools including two patented technologies — device fingerprinting, and Proxy Piercer® — along with Dynamic Scoring™, Geolocation techniques, and real-time data streams from websites all across the globe.
Kount provides merchants with maximum risk management control and flexibility, while automating costly manual review processes to improve the bottom line. For more information about Kount, please visit www.kount.com.

Contact: Kristen Meador, Clickbank
kristen.meador@clickbank.com
1 303.807.8073

The essential elements of an ecommerce store are the shopping cart, payment gateway, security certificate and merchant account. All payment processors that we work with now require a certified PCI Compliant shopping cart.

The store or shopping cart components include order and content adminstration, inventory managment, product management, customer management and search engine optimization among other elements.

The payment gateway is just that- a gateway that allows the secure transmission of credit card and debit card payments from the shopping cart to a merchant processor. The gateway is a standard security mechanism for the internet.

The security certificate is issued to a business. Digital security certificates provide two essential security functions: authentication and encryption.
The business is verified to be legimate. It also enables the SSL protocol,or secure socket layer for encrytion, which includes displaying HTTPS and the little lock symbol that appears in browsers.

The last element is the payment processor. Merchants accept credit and debit cards by opening a merchant account with a payment processor. Just like you can’t go to the federal reserve to do your personal banking, you can’t go to Visa and Mastercard to do your credit card processing. Payment processing is offered through banks, payment processing companies and independent service organizations (ISO). Sometimes the same company offers their services through all channels. For example, First Data offers payment processing  directly and also through banks they have partnerships with, and through registered ISO’s. Because of the complexities of the industry, the best prices and value are not necessarily achieved by going direct. In fact, indirect service thrives because of value added and volume partnership pricing.

In the past, processors required a secure gateway, however this has now been extended to the actual shopping cart software as well in some cases. One reason is that some carts allowed for storing card data unencrypted somewhere on a server. For some shopping carts, getting certified is a formality. For others, there are security issues somewhere within the process- whether front end or back end, and work is needed before the cart can be certified.

The quick solution for those carts that are not compliant has been to disallow credit card processing except for paypal and google payments.

Virtually every cart accepts authorize.net as a gateway and it’s one of the most popular. I recommend it, when appropriate. The Orbital Gateway may be a cheaper solution for those processing on the Paymentech platform, however not as many carts have Orbital integration.
Orbital Gateway Integration & Certification Program - Orbital is a Chase Paymentech gateway and only works with those processing on the Chase Paymentech platform. Merchants must complete either the shopping cart certification, or use a hosted payments solution such as CenPOS or CRE Secure.

Ecommerce stores may be forced to shut down if there is a data breach related to credit card processing, but it all depends on the circumstances. Why did the data breach occur? Where did the breach occur? What steps have been taken to prevent a reoccurance? Did the company meet PCI Security Compliance standards at the time of the breach? Who do you think will force you to shut down your site?

If your company was in PCI compliance, and preventative measures have been taken, it’s doubtful you’d be forced to shut your site down. You’d be protected by Safe Harbor from financial liability.

Who can force you to shut down your site? The card associations or your payment processor are the most likely. The actual site doesn’t need to be closed, but you may not be able to accept credit cards online. You may still be able to accept Paypal, Google, or other payment types, again, depending on the nature of the breach. For example, Paypal etc would take the transaction off your site for secure payment.

A review of a new Volusion ad for merchant accounts reveals the truth and hidden information about merchant services. I thought my web store CEOgolfshop.com was highjacked when I went to my admin page and all I saw was an ad for merchant services from Volusion. I hit reload. I checked the URL I was at, and yep, it was my web store. But it was my admin page, not my public home page and they interrupted my ‘home’ page with their ad for a Volusion merchant account.

It’s actually a pretty compelling ad. I’ve used Volusion for several years and if I wasn’t in the merchant services business, I’d definitely call or click through. Since I am in the business, I clicked through and here’s what comes next.

Here’s why I don’t like this advertisement and you shouldn’t be enticed this or any similar ad. We all know there isn’t one low rate for everything, right? They capture a bunch of information about your company, and you have no details at all about the deal. Not only that, but it isn’t any where else on their web site. If you read my web site, you’ll find lots of information about interchange rates, the real truth about the merchant account application and underwriting process and lots of other insights so you can make an informed decision before providing company details.

Beyond my personal annoyance, let’s look under the hood at the offer. What? There is no information?
Fortunately, I’ve already been through the details of their merchant account offer before, so I’m familiar with more than what’s posted here. However, if you look harder, there is more information on the web site, they just don’t provide any links to it from the ad or sign up form. As of this writing, they are using Global Payments Direct, Inc. as their merchant services partner provider. Global Payments Direct is a publicly traded independent services provider GPN :NYSE). Current assets are down, intangible assets are up significantly compared to other years and debt is up 50%. But I digress as all of that is irrelevant.

The retail rates quoted have nothing to do with your Volusion merchant store. Retail rates only apply to card present transactions, and the customer must sign a receipt.

Will you save with a volusion merchant account? There’s no way to tell based on the information provided. You will not be getting 2.17% ecommerce as a flat rate. They do explain on their site there is a $.27 per transaction fee, gateway fee, statement fee, etc all pretty standard stuff. But what you don’t know is, what transactions will qualify for the 2.17% ecommerce rate?

Is that for debit cards? With debit interchange for ecommerce at 1.55% plus $.15 per transaction, that’s 63 basis points profit. Now I don’t know if that’s what they are referring to, but if you have a sizable business, please call me and you’ll save real money! I can’t imagine this being a good deal for anyone but small businesses with under $50,000 per year. What is their rate for rewards cards, which represent usually over 40% of cards presented? If you authorize, but don’t capture on the same day, it’s highly unlikely you’ll ever pay that rate, but will probably pay 20-70 basis points more or .20% to .70% more.

See also my article review of Volusion merchant accounts 101.

In conclusion, you can’t tell from their ad, but in all likelihood their solution is as good as any if you have a very small business with under $5000/mth since it will be easy to implement. However, be sure to read the fine print. Is your business expected to grow? What are the penalties for switching to another provider if you are unhappy with rates later ?

How can non-profits lower credit card processing costs for online donations? Video presentation specifically reviews these costs with real examples so controllers and CFO’s can benchmark their current costs vs actual lowest costs possible. Based on Visa and MasterCard Associations  2009 interchange rates and actual non-profit merchant statement reviews.

Lowering Credit Card Processing Rates for non-profits presentation

If you don’t have a internet merchant account already, our suppliers have some very specific requirements that you need in addition to traditional merchant account requirements. I hear all the time from people how ‘the other vendors’ don’t require as much paperwork or they don’t ask the same types of questions. Well folks, the ‘other vendors’ may not be helping you build a successful PCI Compliant business with the right price plan either. The items on the list below are so basic, they are essential elements to setting up your business for success.

These are Visa requirements for ecommerce merchant accounts. A document with these questions answered is turned in with the merchant application along with a print of the checkout page to prove the info is there. If the information is not on the site, the application cannot be submitted until it is ready. If the site is under development, screen shots can be submitted that have the required information.
INTERNET REQUIREMENTS CHECKLIST (All answers must be yes.)

1. Website active and URL on application?
2. DBA on site MATCHES name on application?
3. Customer Service number or email listed?
4.  Return/Refund policy present?
5.  Merchant’s Privacy Statement is included?
6.  Website Secure Order Page?
7. Products/Services listed with price?
8. Delivery Method and Timing are clearly stated?
FAQ

Can you give me the code for our web programmer for ecommerce checkout?

What you really want to know is the gateway information. That information is sent directly to the merchant. The merchant can share whatever data with you they like.  If you need help with your web site development, we have seasoned USA professionals available on an hourly fee basis.

What if my web site is not live yet? We cannot submit your merchant application without the information above.  Screenshots from your web developer, or artist renditions that show this information can be used in lieu of a live web site.

Can you set up my gateway account? Yes. We are an authorized reseller for major gateways. We cannot obtain a gateway account for you before there is a merchant account because the merchant account ID and processing platform are needed as part of the set up.

Why do I need a separate merchant account for ecommerce orders?

1. When you are issued a merchant account, it is based on specific information presented. When you use a retail account to process ecommerce orders, you are no longer complying with the original agreement. A card not present or mail order / phone order (MOTO) account is not the same as an ecommerce account. Again, it goes to how you agree to collect and process credit card orders. As shown above, there are additional criteria that must be presented to obtain an ecommerce merchant account. If you don’t comply, your account can be closed any time.
2. Aside from compliance, you’ll always want the right type of account to qualify for the lowest interchange rates. There are specific criteria to be met for every type of account and card presented. If you have a retail swipe account, the expectation is that you swipe a card. When you don’t, you get downgraded to a higher rate. If you make an ecommerce transaction on an ecommerce merchant account, you can qualify for rates lower than what the swiped non-qualified rate would be, but also higher than what a swiped transaction would be. Without getting into more depth, the main point is, you want to QUALIFY for the best rates for any given card presented and that can only happen when you have a merchant account that matches the types of transactions you are presenting to the card associations.
3. You’ll lose virtually any customer dispute for ecommerce transactions on a retail merchant account. Since a retail account expects to receive magnetic stripe data and a signature, when you cannot produce it you will lose disputes.

There are increasing reports of ecommerce businesses reporting small transactions online- usually for a couple of dollars. Consumers have reported similar transactions on their statements, for purchases not made by them. In both cases, they are tied to stolen credit card data.

Some credit card issuers have taken a very aggressive stance in identifying these types of transactions, including developing special algorithms, and are calling consumers to tell them about suspected fraud. Their cards are being replaced at no cost to consumers. Reports of these transaction types have been increasing since late December.

Are they related to the Heartland Payment Systems data breach? Some banks are automatically replacing all cards issued if they have a Heartland relationship. Specific tie-ins to the $1 and $2 transactions have not been made public yet, but the timing seems to match up.

RECOMMENDATIONS