Business Credit Card Acceptance Data

Business credit card acceptance and other electronic payment methods comprised over three-quarters of all non-cash payments by number and more than half by aggregate amount in 2009, according to Federal Reserve data. Electronic payments are defined as ones that are cleared over a card network (e.g. Visa or MasterCard) or through the ACH system. They do not include large-value funds transfer systems, which are not analyzed in this study. The number of e-payments grew 9.3% per year on average from 2006 to 2009. The ratio of electronic payments to overall non-cash transactions rose from 67.9% to 77.6% during the same period. The total amount of e-payments rose by 6.0% per year, growing from 45.1% of non-cash payments in 2006 to 56.3% in 2009.

Over half (60.0%) of all non-cash payments in 2009 were made with debit, credit, or prepaid cards, making up 4.8% of the aggregate amount. By contrast, ACH payments represented 17.5% of non-cash payments and 51.4% of the value.

Business credit card acceptance was the only payment form to show a decline for the period from 2006 to 2009 (-0.2% per year, on average). There were a total of 21.6 billion credit card payments in 2009, 151 million below the level measured in 2006. The total amount was $1.9 trillion in 2009, down from $2.1 trillion in 2006. This fall in credit card use could be reflecting the economic slowdown and may not necessarily indicate permanent changes in the behavior of businesses and consumers. For reference, the rate of seasonally adjusted consumer revolving debt, mostly comprised of outstanding credit card balances, in the U.S. rose in every month from January 2006 to its highest level in August 2008 before falling in every subsequent month through December 2010.

By contrast to business credit card acceptance, debit card transactions continued to grow in double digits from 2006 to 2009 and represented 34.8% of non-cash payments in 2009 (2.0% by value). Total debit card transactions rose 14.8% per year for the period. PIN debit payments rose more quickly (15.6% per year) than signature-based debit transactions (14.3% per year). The rise in the absolute number of signature-based debit payments from 2006 to 2009 (7.7 billion) was greater than the total rise in PIN debit payments (5.1 billion).

On average, the value of the signature-based debit transaction fell from 2006 to 2009 from $40 per item to $37. By contrast, the average amount of PIN-based debit payments rose during this period, from $37 to $39 per item.

E-Commerce Merchant Account Rules for Returns and Refunds

E-commerce merchant account users are responsible for setting up their merchandise return and refund (credit) policies. Clear and straightforward disclosure of these policies can assist you avoid misunderstandings and possible cardholder disputes. The credit card companies and Associations will endorse your policies, as long as they are properly disclosed to consumers prior to the completion of a transaction.

If you don't know what the proper way to disclose your return and refund policies is, contact your processing bank for further information.

For face-to-face transactions, Visa and MasterCard acknowledge that adequate disclosure has been given before a payment is completed if the following (or similar) statements are clearly printed on the front of the transaction receipt, around the customer signature line. Following is a list of the accepted disclosure statements and a brief explanation for each of them:

• No refunds, returns, or exchanges - this means that your business does not issue credits / refunds and does not accept returned items or merchandise exchanges.
• Exchange only - your business agrees to exchange returned items for similar products that are equal in price to the amount of the original sale.
• In-store credit only - your organization accepts returned items and gives the customer a store credit for the amount of the original sale.
• Special circumstances - your organization and the consumer have agreed to special sale terms (for example late delivery fees or restocking charges). The agreed-on terms need to be written on the sales receipt or a similar document (e.g., an invoice). The customer's signature on the receipt or invoice proves acceptance of the agreed-on sale terms.
• Timeshare - your business is required to provide a full refund when a sales receipt has been issued and the customer has cancelled the transaction within 14 calendar days of the payment date.

For mail order and telephone order (MO / TO) merchants, your return and refund policies can be mailed, e-mailed, or faxed to the customer. To complete the transaction, the customer should sign and return the disclosure statement to the retailer.

For e-commerce merchant account users, your website must disclose your return and refund policy to the customer and require the latter to select a "click-to-agree" or other affirmative button to acknowledge acceptance of the policy. The terms and conditions of the sale must be clearly displayed on the same screen as the checkout information that states the total sale's amount, or within the website pages the customer accesses during the checkout process.

Merchant Payment Account Rules

Merchant payment account users must follow certain basic card processing rules for all transactions, including the following:

• Taxes. All taxes should be included in the final transaction amount and should never be collected separately in cash.
• Card acceptance. Accept all valid cards of the brands listed in your merchant payment account agreement.
• Minimum and maximum transaction amount. Check with your processing bank on what is the minimum sale's amount that you are permitted to charge. U.S. retailers can set a minimum sale's amount on credit card transactions that must not exceed $10, must not treat different card issuers or card brand differently, and doesn't apply to sales paid for using a debit card.
• No surcharging. Always treat card transactions like any other forms of transactions. Merchant payment account users must not assess any surcharge on a card transaction.
• Prohibited uses. Retailers must never use a bank card number to refinance existing debts or for payment for a debt that is considered uncollectible (that is, to recover funds for a bounced check).
• Convenience fees. For retailers who provide an alternate payment channel (such as mail, phone, or a website) for consumers to pay for merchandise or services, a convenience fee can be added to the sale's amount. If the retailer elects to charge a convenience fee to consumers, the merchant payment account user must comply with applicable Association rules regarding convenience fees.
• Laundering. Retailers must only deposit transactions only for their own businesses. Doing it for another business is called laundering and is strictly prohibited.
• Zero-percent tip. For restaurant, limousine, taxi, bar, barber shop, and health transactions with a credit or debit card, the merchant payment account user should authorize only for the check's amount, not adding an estimated tip. Customers can now check their credit or debit accounts in practically real time by telephone, over the web, or at an ATM. An authorization that features a calculated tip can limit a consumer's available funds or credit line by an unexpected amount. This can happen if a customer leaves a cash tip or adds one that is less than the calculated amount used for the authorization request. For instance, a restaurant submits an authorization request for an estimated 20 percent tip, however the consumer actually adds on only 15 percent. Also, be advised that your restaurant authorization approvals are valid for amounts up to 20 percent higher than the check amount.
  

Bank Merchant Services Interchange Facts

Bank merchant services interchange fees are not a tax, nor are they hidden or paid by consumers. It is instead a fee that is paid between the acquiring bank and the consumer's bank and serves to distribute costs in the card processing systems of Visa and MasterCard. Interchange makes up a major part of the discount rate, which merchants are assessed for the benefits they get when they accept credit and debit cards. These benefits include increased sales, fraud detection and quicker payment.

Bank merchant services discount rates, which can feature fees for processing payments or terminal leasing, are only one of multiple other costs a retailer has to account for when running a business. Consumers are well aware that retailers factor all of the expenses of running their operations into their pricing. Attempts to label such expenses as a hidden tax on Americans would be like claiming that utility costs are a hidden tax.

Interchange fees are not paid by customers. They are paid between banks participating in card transactions. Not to mention that retailers are free to give discounts to customers who use cash and checks for payment.

MasterCard and Visa establishes the bank merchant services interchange fees to offer incentives to retailers to take cards and to banks to issue them. Moreover, while The Associations set the interchange fees to allow for efficient interaction among the thousands of their member banks, they receive back no revenue from them.

If a bank merchant services user is not satisfied with the discount rate it has been given by its bank for payment acceptance, that business has multiple options: it can offer discounts to customers who pay with check or cash, ca negotiate a different discount rate with its processor, or switch to another who offers more attractive rates, or indeed choose not to accept bank cards at all. There is a huge competition for payment processing among banks and service providers. Retailers, of course, can decide which payment proposal they accept and can elect to encourage customers to use any given payment choice.

Interchange fees have increased quite slowly (1.9 percent for the past two decades – much lower the inflation rate). Total interchange rates are paid among Visa and MasterCard member banks and have risen as more retailers have begun accepting payment cards. Moreover, according to a recent report, U.S. retailers actually pay bank merchant services discount fees that are lower than those charged in many other countries.

Merchant Bank Account Requirements for Compromised Entities

Merchant bank account entities that have suffered a suspected or an actually confirmed data security breach must take immediate action to help prevent further exposure of sensitive data and achieve compliance with the Payment Card Industry (PCI) Data Security Standard (DSS), PCI Payment Application Data Security Standard (PA-DSS), and the PCI PIN Security Standards.

Merchant Bank Account Requirements for Compromised Entities

Here is a list of concrete actions you should take if a breach is confirmed or suspected:

1. Immediately contain and minimize the exposure. Limit data loss. Prevent the additional loss of information by conducting a complete investigation of the compromise of information. Compromised organizations need to consult with their own incident response team. To save evidence and facilitate the investigation:
   • Never access or change a compromised payment processing system (that is, don't log in at all to the compromised system and change passwords; don't log in as ROOT).
   • Do not shut the compromised system off. Instead you should isolate all compromised systems from the rest of the network (that is, unplug the network cable).
   • Store evidence and logs (that is, evidence, security events, internet, database, firewall, etc.)
   • Note all actions you take.
   • If yours is a wireless network, replace the Service Set Identifier (SSID) on the access point (WAP) and all other systems that may be on this connection (excluding any systems that are believed to be compromised).
   • Remain on alert and keep an eye on the traffic on all systems storing customer data.
2. Inform all involved parties immediately, including:
   • Your internal incident response and information security teams.
   • Your merchant bank account acquirer.
   • The appropriate law enforcement agency.
   • Your legal department to establish whether notification laws are applicable.
3. Provide all compromised account data to your processor or to the Associations within ten business days. All possibly compromised accounts must be identified and transmitted as instructed by the processing bank. The Association will then distribute the compromised card account numbers to the affected card issuers.
4. Within three business days of the confirmed or suspected compromise, send an incident report to the merchant bank account acquirer or to MasterCard and Visa.

To contain the impact of a consumer data security breach, the Associations have established an Incident Response Team to help card acceptors in forensic investigations. In the event of a confirmed compromise, the Associations will quickly send a team of forensic specialists to the site to help identify security issues and control exposure. The forensic data gathered by the team is then used as evidence to prosecute fraudsters.

Novus Credit Card Processing Dispute Resolution

A card issuer may initiate Discover / Novus credit card processing disputes on its own behalf or on behalf of its customers. The issuer starting a dispute needs to forward all relevant documentation in support of the dispute to Novus / Discover at the time it is initiated. Discover receives, collects and compiles data and paperwork regarding any disputes from issuers and then sends dispute notices to merchant banks and retailers notifying them of the disputes. Upon receipt of all required or available evidence relevant to the dispute and the transaction, Discover resolves it and informs the parties of its decision.

Depending on the kind of dispute and the response from the payment processing bank or retailer, Discover investigates and resolves the dispute, following receipt of the processor's or retailer's response.

Discover / Novus will not contact a customer directly to obtain data or documentation in support of a particular dispute. If, during the investigation process, it determines that any paperwork provided by the Novus credit card processing acquirer or retailer requires review by the customer, it will forward the documentation to the issuer who will then provide to its cardholder.

Issuers are required to use the Discover System to initiate all disputes, either on their own behalf or on behalf of their cardholders. Consumers cannot do it themselves and an issuer cannot advise a cardholder to contact Discover directly regarding a claim. The issuer must obtain information regarding the dispute, including all relevant documentation, from the customer. They are also responsible for forwarding to their customers all Novus credit card processing acquirer and retailer responses. If no accurate and complete information is obtained from the consumer, the result may be that Discover resolves the dispute against the issuer.

Similarly, unless it is required by law, Discover / Novus will not contact an Novus credit card processing acquirer's merchant directly regarding a dispute. If a processor or retailer wants to review the supporting paperwork submitted by an issuer, they will need to request it from Discover. In addition, Discover may initiate a dispute if the acquirer or retailer fail to comply with their obligations.

Discover will notify the parties involved in a dispute of its decision within five business days of receiving the complete documentation from the Issuer and from the processor or card acceptor, in each case, as required under its rules. If the losing party protests the resolution of the dispute, it can appeal the decision by initiating a dispute arbitration request.

American Credit Card Processing PIN-less Procedures

It's up to MasterCard and Visa's member banks to assist American credit card processing businesses in the understanding and implementing payment acceptance rules governing a PIN-less payment option for some debit cards. To achieve that, payment processing companies are usually willing provide training to merchants and their third-party service providers to make sure that the following best practices are properly adopted before the PIN-less point-of-sale terminal system is implemented.

Three Steps to Processing PIN-less Debit

Here is how PIN-less debit should be processed by American credit card processing merchants:

1. Offer the consumer a clear payment choice. Confusion can often occur if customers think that they are paying with one payment brand, but the transaction is in reality processed on another brand. For example, a cardholder who chooses payment by American Express should always have her selection honored. Choices such as "Debit" and "Credit" may be confusing, as they often have different meanings depending on the consumer's own understanding. The choice of a payment brand offers a clear selection to the customer. This is why it is best for American credit card processing companies to offer their customers with a menu of supported brands.
   • For e-commerce merchants, offering a menu or radio button that lists all of the supported payment brand options and enabling the customer to make a well informed choice.
   • For mail order and telephone order (MO / TO) businesses that instruct consumers to select their favorite payment method using a Voice Response Unit (VRU) or customer support agent, it allows identifying specific payment brand choices, rather than generic and confusing terms such as credit, debit, and ATM.
2. Honor the customer's selection. If the consumer indicates that she wants to pay with a Discover card, the American credit card processing merchant must make certain that her choice is honored. A retailer is allowed to advertise to the customer other types of payment, but it cannot confuse or mislead the consumer or withhold important information in the process. To put it simply, the choice ultimately belongs to the consumer. A payment can only be processed as anything other than Discover (in our example) if the consumer has chosen another method of payment.
3. Confirm the selection. To eliminate any kind of confusion about the consumer's choice of payment, retailers should provide a confirmation page or voice confirmation that states the chosen payment option (for example, Discover, Visa, MasterCard, American Express, etc).

How Merchant Credit Card Account Users Should Identify Fraud Signs

Merchant credit card account users that process payments in a card-absent environment should develop in-house policies and processes for managing atypical or suspicious transactions and offer sufficient training for their sales staff. Being capable of identifying dubious orders are even more important for card acceptors involved in e-commerce and mail order and telephone order (MO / TO) sales, and personnel should be provided with specific instructions on the actions they need to take to verify these orders.

Everyone of the sales staff of a merchant credit card account user needs to be on high alert for any of the indicators of suspicious customer behavior that are listed below:

• Rush transactions: Urgent request for a fast or overnight delivery - the type of customer who "wants it yesterday" - have to be red flagged for possible fraud. While often completely legitimate, such orders are one of the most often seen signs of "hit and run" - kind of fraud schemes that are targeted at obtaining merchandise for quick resale, or "flipping" it.
• Random transactions: Watch out also for customers who do not appear to care much if a particular item is out of stock - "You don't have it in green? What other colors do you have?" - or who buy randomly - "I'll take one of everything!" Again, orders of this kind may be intended for a subsequent resale, instead of for personal use.
• High-risk delivery address: Evaluate and red flag any transaction with a shipping address that is not identical with the billing address on the consumer's credit card account:
  • Demands to deliver merchandise to P.O. boxes or an office address are quite often linked to fraud.
  • Maintain a list of ZIP codes where high rates of fraud are prevalent and verify any transaction that has a shipping address in these areas.
• Hesitation: Watch out for consumers who hesitate or are not certain when giving you their personal card information, such as a ZIP code or the spelling of their own family or street name. This is again quite often an indicator that the customer is using a false identity.
  

In examining what looks like an atypical order, merchant credit card account users that accept credit cards over the phone or online should bear in mind that, as always, if a sale sounds too good to be true, it almost surely is.

There are plenty of solutions that use customizable filters and systems that enable small retailers to better identify and prevent suspicious transactions and you should take advantage of them.

E-Commerce Credit Card Processing Fraud Prevention

Today's e-commerce credit card processing user has a lot of options for detecting and preventing bank card fraud. To keep your organization save, you need to build a solid risk management system. Visa and MasterCard continue to build on their web-based fraud prevention tools to expand on their own internal efforts.

MasterCard SecureCode and Verified by Visa

These two e-commerce credit card processing fraud prevention services provide cardholder authentication for online transactions. Designed on the 3-D Secure protocol, the two authentication service validate the authenticity of cardholders to participating merchants. They allow consumers to choose a password with their card's issuer, and then to use it to validate themselves in a transaction. This helps retailers ensure that the card number cannot be used fraudulently on their e-commerce website.

E-commerce credit card processing users offering MCSC and VbV to their customers need to initially incorporate a software module called a Merchant Plug-In (MPI) on their web hosting server. Merchants who elect to implement MCSC and VbV have to use PCI compliant providers and merchant account processors.

Keep in mind that an MCSC and VbV merchant that is identified by the Merchant Fraud Performance (MFP) program could be subjected to a particular type of chargeback: Reason Code 93: Merchant Fraud Performance Program.

E-Commerce Fraud Screening

Today, a great many fraud screening systems and practices are available to enable e-commerce credit card processing users in assessing the risk of a given payment and, in some cases, suspend its processing if certain pre-determined high-risk characteristics are found. Merchants are encouraged to devise their own internal fraud screening procedures or use a third party screening service.

A strong fraud screening system will suspend a payment if information:

• Matches data stored in the merchant's internal negative files.
• Exceeds pre-defined velocity limits and controls.
• Detects an AVS or security code mismatch or no match.
• Match other high-risk signs. For example, payments placed with anonymous e-mail addresses, high-risk shipping addresses or foreign-issued cards.

The merchant need to also design cost efficient and timely evaluation procedures for calculating high-risk transactions. More to the point, such fraud screening procedures need to help retailers avoid manual review of payments in which potential fraud loss would be less than the aggregate costs of screening and evaluation.

Separate Low Risk Transactions

For many e-commerce credit card processing users, getting third party fraud scores for each transaction may not always be cost-effective. The merchant can reduce costs by separating low risk or low-value orders, where the potential losses are lower than the cost of the scoring procedure itself, thus taking them out of the scoring process.

How Processing Credit Cards Works

Besides the merchant and their customers, several other entities are involved in processing credit cards. The following information will assist you and your sales personnel to better understand who does what in the acceptance of payments.

Who Takes Part in Processing Credit Cards

The following entities take part in the cycle of processing credit cards:

• Cardholder is an authorized user of bank cards or other types of payment products.
• Merchant is any business or non-profit entity that is authorized to take credit cards and other types of bank cards for the payment of products and services.
• Processor is a bank or other financial institution that contracts with merchants to accept bank cards for the payment of products and services. A processor may also contract with third party entities to enable merchants to be processing credit cards.
• Card issuer is a financial institution that owns the cardholder relationship. It issues bank cards and contracts with its cardholders for the billing and payment of transactions.
• The Associations of Visa and MasterCard are publicly-traded entities that work with banks that issue cards branded with their logos and / or sign up merchants to accept bank cards. The Associations offer card products, promotes their brands, and set the rules and regulations governing the participation in their programs. They also operate the world's two largest electronic payments network for processing credit cards to facilitate the flow of transactions between acquirers and issuers.

Visa and MasterCard provide a collection of systems that includes:

• An authorization process through which the card issuers can approve or reject individual bank card transactions.
• A clearing and settlement platform that enables processing credit cards electronically between acquirers and issuers to ensure that:
  • Transaction data moves from acquirers to issuers for posting to the cardholder's accounts.
  • Payment for transactions is routed from the issuers to acquirers to be then credited to the retailers' accounts.

Rules for Processing Credit Cards

Merchants are required to follow certain basic rules for processing credit cards. The consistent adherence to these rules will help you to improve customer satisfaction and manage your business more efficiently.

• Include all taxes in the total sale's amount. Any tax that the retailer is required to collect from the customer must be added to the total amount and should never be collected separately.
• Accept all types of valid bank cards belonging to the brands listed in your merchant agreement.
• Check with your processor on the minimum sale's amount that you are allowed to charge.
• Comply with any maximum transaction amounts that may be established by federal rules.