Keeping Ahead of the Thief: PCI Compliance for the Small Business
TJX, Hannaford, Okemo Mountain and others have drawn massive attention as large merchants who have
been breached and had millions of consumers’ data compromised. While breaches at these large
corporations certainly represent more data than that of most of the 6 million small merchants nationwide,
small businesses are not exempt from having consumer credit card information stolen, or from meeting
the same requirements for protection of sensitive consumer data. In reality, it is imperative that these
businesses begin to see themselves as targets and put steps in place to combat data theft.
However, there is a lack of education for small merchants about data security and compliance issues. According to Visa and the National Federation of Independent Business (NFIB), 57 percent of small
businesses do not view securing customer data as something that requires formal planning, and 39 percent say they rely on ‘common sense’ to keep their data safe. What these businesses must realize is that common sense is simply not enough to comply with the payment card industry data security standards (PCI DSS), which must be met by any merchant accepting credit card payments. And as more and more of the larger merchants become compliant and the high-profile breaches slow, industry attention will turn to the small merchant.
PCI DSS compliance can be costly; large companies are spending millions on complex technologies to protect cardholder data. But there is good news for small merchants: depending on the method of
processing and transaction volume, compliance can be achieved relatively easily and quite affordably. Here are several steps small businesses can take to work towards the safety and security of customer’s
data and that can also aid in becoming PCI compliant:
- View compliance as a necessity, not an inconvenience. Merchants should view compliance as an opportunity to improve and verify the security of their customers’ card data.
- Educate yourself on PCI. Research the recent data losses and the growing acronym PCI DSS. Additional information can be found at https://www.pcisecuritystandards.org/tech/saq.htm.
- Keep yourself up-to-date on compliance. Requirements and timelines for compliance are continually amended; small businesses need to ensure they are armed with the most up-to-date knowledge and
equipment. This is especially important for those considering opening their own establishment, since new Level 4 merchants must be compliant by October 1, 2008. There are merchant education strategies for those independent merchants seeking reliable direction in addressing PCI DSS.
- Opt for services that ease the burden of PCI compliance. When implementing your POS system; look for solutions that simplify PCI compliance by choosing a solution that encrypts card data at the ‘read
head’ such as the MerchantWARE solution from Merchant Warehouse - to ensure sensitive customer data is never exposed. With no access to consumer credit card data or personal information businesses will automatically meet five of the twelve PCI DSS security standards, including the most intensive and costly.
While adhering to these tips will not guarantee compliance or that a business will not be hacked, they can help forge a path towards better safety and security for customer data, while building a solid foundation for mandatory compliance requirements. And just as important is the invaluable asset of customer trust; putting customers’ minds at ease by informing them their data is safe and secure will only contribute to their ongoing loyalty and keep business growing.
Henry Helgeson - President
The Free Terminal program
Ever hear the old phrase “Nothing is for free?” Every day we are given “free” offers from numerous fast food chains, restaurants, and more. Now think back to whether you’ve ever heard the phrase “Buy none, get one.” Or, “Free small coffee, no purchase required.” Doesn’t happen too often, does it?
While researching merchant account services providers and equipment you must certainly have seen offers for free terminal deals. But before you walk into a trap, ask yourself the following questions:
What is the contract or termination fee? Always ask for the schedule of fees and the program guide to make sure that neither the provider nor the back end processor has a contract or termination fee. When you’re locked into a contract, you might be paying for that “free” credit card terminal with increased rates every three months or a surprise “added” annual fee. Merchant Warehouse has no contract or termination fee, which means that A) We have every incentive to keep you happy and processing with us for a very long time, and B) We can’t arbitrarily raise our rates or provide lousy customer support, since it is so easy for you to leave us.
What kind of terminal are they giving me for “free”? Our site is a good point of reference for you. Since we buy all of our equipment wholesale, we can offer credit card terminals at guaranteed lowest prices. So, if you are a new business being promised a “free” terminal that is worth hundreds of dollars on our website, that should raise a red flag. If you own a fine dining establishment, would you run a promotion where you’re giving away free lobster tail and filet mignon?
What happens if the terminal breaks? If you read the terms and conditions, you may find a hidden clause that states if the terminal breaks you have to wait weeks while it’s being repaired. Merchant Warehouse’s free terminal program includes overnight replacement insurance. If you drop the terminal, spill something on it, or it’s struck by lightning, we overnight you a replacement, no questions asked.
What is the condition of the equipment you are purchasing?
Is it new or used? Merchant Warehouse only sends out new units for our free terminal program that are programmed and tested in house before it gets to your door.
So remember, if a deal seems too good to be true, it is. Make sure you are getting the best package deal, because when you think about it, if you walk into a car dealership and try to get something for free or with no strings attached, you’re likely to end up with a piece of junk that breaks down on the highway.
Shannon Andrade - Account Executive
Shopping for Credit Card Processing rates
“Give me your best rate!” Those are the words that any Sales Rep in the merchant service industry will agree are by far the most dreaded. Upon uttering those 5 words, it is almost certain that the conversation is headed down a dark road. But I have to say, I don’t often blame the merchant; IF they can remain malleable to hearing me out.
When a merchant starts “shopping” for credit card processing, they are drawn to a company’s site by numbers. Whether it’s a discount rate or a terminal price, the merchant will click on the lowest number they see on their Google search page. What the merchant doesn’t know is that, 9 times out of 10, the numbers they see are most definitely not what they are going to get.
The notion of “what you see is what you get” does not apply to the merchant service industry in most cases. So when a merchant tells me flat out to give them my “best rate” I try to back them up about 10 paces and explain to them that a merchant account is made up of many more elements than one single rate, and it is crucial that they look at each and every rate and fee for all the companies they are researching. I tell them they must take the time to do a TRUE “apples to apples” comparison to in order to truly assess which company has the best overall deal.
Chances are good that the company who offered them a 1.18% has a $25 monthly minimum and a 3 year contract with a $200 early termination fee. It frustrates me to see how many merchants take these “low rate” numbers at face value and end up getting burned.
In summation, I encourage merchants to “shop around” as long as they are doing so from an educated place where they ARE looking at the whole package and are not staying fixed on one rate, using that as their basis for comparison between companies.
Erin Leddy - Account Executive
MerchantWARE and BINsmart in the news
Merchant Warehouse’s new credit card processing cost reduction tool, the BINsmart Interchange ManagerTM for MerchantWARE, was unveiled back in July, and the response has been overwhelming. Various trade publications covered the release, and both Merchant Warehouse and MerchantWARE have been featured in articles related to electronic payment systems and credit card fraud issues. Here is some of what they had to say:
ISO&Agent Weekly
On July 24, 2008, ISO&Agent Weekly announced the release of Merchant Warehouse’s BINsmart Interchange Manager, the latest addition to the MerchantWARE payment gateway.
BINsmart determines whether a card used is credit, debit, or a corporate card by reading the first 6 digits (called the Bank Identification Number, or “BIN”).
“If the system identifies the card as a debit card, it will send back a response to the point of sale system to prompt for a PIN number”, said Henry Helgeson, President and Co-CEO of Merchant Warehouse.
BINsmart complies with the Payment Card Industry Data Security Standard for payment applications because it does not store credit card number. BINsmart is also free to developers that add Merchant Warehouse’s payment gateway.
Merchants could benefit from lower interchange fees for debit transactions as their system can identify card type.
Cardline
On July 25, 2008, cardline announced the release of Merchant Warehouse’s BINsmart Interchange Manager.
Currently working with integrated point of sale systems, BINsmart enables systems to prompt for a PIN number when a card is determined as ‘debit’.
BINsmart complies with the Payment Card Industry Data Security Standard for payment applications because it does not store credit card number. BINsmart is also free to developers that add Merchant Warehouse’s payment gateway.
Merchants could benefit from lower interchange fees for debit transactions as their system can identify card type.
Transaction World
In the August, 2008 issue of Transaction World, Jim Romeo looks into the effects of electronic payment systems and interchange fees on the current state of the U.S. economy. Henry Helgeson, President and Co-CEO of Merchant Warehouse, discusses the potential affect of the Credit Card Fair Fee Act of 2008 and how important it is to capture the attention of legislators and educate them on the how interchange fees are established.
Beverage Media Group
In the August, 2008 edition of Beverage Media Group, Ian Griffith discusses the rise of credit card fraud over the past three years in the U.S. and how compliance with PCI-DSS (Payment Card Industry Data Security Standard) can help. PCI DSS represents a methodology with 12 requirements to help increase card data protection.
Although very few wine stores process over 6 million credit card transactions per year, stores below this threshold qualify for conducting a self-assessment questionnaire along with a quarterly network scan conducted by a third party.
Henry Helgeson discusses a new product released by Merchant Warehouse called “MerchantWARE”, which encrypts card information at the point of swipe.
RIS – Retail Info Systems News
On August 7, 2008, RIS Online announced that Merchant Warehouse released a new tool to help small and mid-sized merchants reduce their overall processing costs.
The solution, called the BINsmart Interchange Manager, allows retailers to identify card type (credit, debit, or corporate card) at the swipe by reading the first 6 digits (called the Bank Identification Number, or “BIN”).
Don’t Change Processors Based On Rates Alone
Risks of Changing Processors Due to Lower Rates
Some merchants call to cancel their merchant accounts because they believe they are offered better rates from other processors. They tend to jump to conclusions and want to cancel, not realizing we can match or beat anyone else’s credit card processing costs. More importantly they aren’t aware of the risks they can face by switching to another processor.
Once a merchant has a schedule of fees that they are being offered by another processor, he/she can simply fax it to us and we will gladly evaluate to determine how we can help accommodate the merchant. In many instances we find many undisclosed “hidden fees.” These fees could include a contract with a costly early termination fee.
For example, in one particular case, a merchant who I had previously helped on a number of occasions called me. She wanted to inform me that she had canceled her merchant account with us a few months prior. She said the client service representative she spoke with recommended that we look over the competitor’s contract and fees. However, she wasn’t interested and wanted to cancel immediately. She admitted that switching processors was a huge mistake. Although some of her rates were slightly lower, the customer service was inefficient and not helpful whatsoever. She wanted to revert to us, but was locked into a contract which included a $395.00 early termination fee which she was never clearly made aware of. It was mixed in with a cluster of small print jargon on the application. We were able to offset a portion of her cancellation fee which made it possible for her to return to Merchant Warehouse.
In addition to unhelpful customer service and hidden fees, not getting funded on time, annual fees, and unexpected rate increases are other problems that an uninformed merchant can encounter after switching processors.
Eve Miceli - Account Manager
Merchant Warehouse Named to 2008 Inc. 5000 List of Fastest Growing Private Companies
Merchant Warehouse has been named among the top 100 businesses in the Boston/Cambridge/Quincy (Massachusetts/New Hampshire region) category on the Inc. annual ranking of the 5,000 fastest-growing private companies in the country. The company also posted a strong overall rank on the coveted Inc. 5000 list with three-year sales growth of 145.3 percent. The Inc. list is the most comprehensive look at the most important segment of the economy - America’s independent-minded entrepreneurs. Taken as a whole, these companies represent the backbone of the U.S. economy.
“We are honored to be included in the Inc. 5000 list among some of the top companies in the United States,” said Henry Helgeson, President and Co-CEO of Merchant Warehouse. “Celebrating our tenth year in business, we have seen tremendous growth, and that success is in direct correlation with our dedicated employees and the loyalty of our customer base.”
“Our second annual Inc. 5000 continues the most ambitious project in business journalism,” said Inc. 5000 Project Manager Jim Melloan. “The Inc. 5000 gives an unrivalled portrait of young, underreported companies across all industries doing fascinating things with cutting-edge business models, as well as older companies that are still showing impressive growth.”
With more than 40,000 merchant customers and ten years experience, Merchant Warehouse has set the standard in the credit card processing industry by providing credit card processing software, POS equipment, and merchant services ethically and at a reasonable price.
About Inc.com
Inc.com, the daily resource for entrepreneurs, delivers how-to guides, advice, tools, breaking news, and rich multi-media to help business owners and CEOs start, run, and grow their businesses. Inc.com offers dynamic marketing solutions to help advertisers effectively reach Inc.com’s audience of business leaders. Visit http://www.inc.com.
About Inc. 500|Inc. 5000 Conference
Each year, Inc. magazine and Inc.com celebrate the remarkable achievements of today’s entrepreneurial superstars - the privately held small businesses that drive our economy. The Inc. 500|Inc. 5000 Conference brings together members of the Inc. 5000 community-both a new class of Inc. 5000 honorees and the list’s alumni-for three days of powerful networking, inspired learning, and momentous celebration. For the first time ever, this powerful networking event is open to all. Please join us September 18-20, 2008 at the Gaylord National Resort and Convention Center in Washington, D.C. For more information or to register, visit www.Inc500Conference.com or call us at 877-211-0489.