Inside the Black Hole

We constantly receive inquiries for e-commerce credit card processing services from applicants who are not quite certain what exactly such a service is and how their websites need to be built in order to be able to process online payments. This post will cover the basics of setting up an e-commerce website and merchant account.

An e-commerce credit card processing service does for web-based merchants what a point-of-sale (POS) solution does for brick-and-mortar businesses. The process is the same, only the tools are different. While store-front merchants use a physical POS terminal to read the credit card’s information and send a transaction authorization request to the card issuer over a phone line, their web-based counterparts use a shopping cart to collect the customer’s order and payment information, which is then encrypted and sent to the card issuer for authorization through a payment gateway.

To be able to accept credit card payments on your website, you will need the following:

• An e-commerce website. What makes an e-commerce website different from a non-e-commerce website is its ability to collect customers’ orders and then process their payments in a secure manner. It connects the merchant’s web-based store with a processing bank and, through it, with Visa, MasterCard and the banks that issue their cards, as well as with the other credit card companies. Specifically, your website will need to incorporate the following components:
  • SSL certificate. Secure Socket Layers (SSL) are services that encrypt data communicated online to provide security against unauthorized use. The SSL is identified by the “s” in the “https” at the beginning of the URL of a SSL-protected web page and often colors the URL bar.
  • E-Commerce shopping cart. Shopping cart is software that collects and organizes online customers’ list of items for purchase. Once the customer is ready to check out, the shopping cart calculates the order total and presents the customer with a payment information form to complete the transaction. All pages that contain sensitive personal information must be SSL-protected! There is a number of shopping cart providers out there, some of which offer their carts for free. The carts can also be custom-built by website developers.
  • Payment gateway. Payment gateway is a service that connects a shopping cart with the merchant’s payment processor’s system and transmits the transaction information that customers have provided. The processor then sends the information on to the card issuer for approval and the approval response is sent back to the merchant via the payment gateway. It is the e-commerce equivalent of the physical POS terminal used by store-front merchants in face-to-face transactions.
• E-Commerce merchant account. Merchant account is the service that enables merchants to accept credit and debit cards for payment. It is provided by a processing bank that is a member of Visa and MasterCard, either directly or through a third party. It links all of the above mentioned components into an inter-related system. Once a payment transaction is processed, the processing bank credits the merchant’s designated bank account for the transaction amount, after it subtracts its processing cost, as agreed on in the Merchant Agreement. The processing bank then sends a payment request to the card issuer, who credits the processor’s account, after it subtracts its own costs. The issuer then sends a monthly statement to its cardholder to complete the cycle.

There are many merchant account providers in the U.S. and you should always request proposals from at least several of them, before deciding on whom to sign up with. Make sure that you evaluate the whole proposals in their entirety and do not make your decision based on the single rate or fee that usually gets advertised on the providers’ websites.

Accept card payments quickly and safely

Accept online payments via credit and debit cards and electronic checks at the lowest processing costs. You will get:

• Free merchant account and Authorize.Net gateway set-up.
• No monthly merchant account or gateway fees.

Re-presentment is a chargeback that is rejected and returned to a card issuer by the merchant’s processing bank on the merchant’s behalf. A chargeback may be re-presented, or re-deposited, if the merchant or the processing bank can remedy the problem that led to the chargeback. To be valid, a re-presentment must be in accordance with regulations established by Visa and MasterCard and to be submitted within the specified time frame. The two Credit Card Associations have the final say as to the validity of a chargeback or a re-presentment, if the two affected banks cannot resolve the issue between themselves.

E-commerce merchants must understand their re-presentment rights and work with their processing banks to apply the necessary actions in a timely manner or otherwise these rights will be lost.

• AVS and Card Security Code re-presentment rights*. In cases of chargebacks associated with the use of the Address Verification Service (AVS) and the Card Security Codes (CVV2, CVC 2 and CID), processing banks can represent a charged back transaction if the merchant:
  • Received an AVS positive match in the authorization message and if the billing and shipping addresses are the same. A proof needs to be submitted of the shipping address and the delivery. You should design your sales and order processing procedures in a way that will allow you to store and easily access billing and shipping information for future references.
  • Submitted an AVS query during authorization and received a “U” response from a U.S. card issuer. This response means that the card issuer is unavailable or does not support AVS. Even though you did not receive a positive AVS match, you are still protected, because you attempted AVS verification.
  • Submitted a Card Security Code verification request during authorization and received a “U” response from a U.S. card issuer. The response means that the card issuer does not support the respective code. Just as with the above AVS verification response, you receive protection when the issuer does not support a card security code, because you attempted verification.

*Even though an acquiring bank has the right to represent a transaction on its merchant’s behalf under the above circumstances, there is no guarantee that the disputed items will be accepted.

If you believe that you have AVS or Card Security Code re-presentment rights on a charged back transaction, all available supporting evidence should be provided to the acquiring bank to be submitted with the re-presentment. Be advised that all relevant documentation must be submitted within a specified time frame. Every time supporting documentation is requested, your processor will notify you what the deadline for receiving it is. If you are late, you will forfeit your re-presentment right.

Verified by Visa and MasterCard SecureCode re-presentment rights. Merchants who participate in Verified by Visa and MasterCard SecureCode are in most cases protected from “unauthorized use” types of chargebacks. If you participate in these programs and receive a fully authenticated or attempted authentication response from the card issuer and the authentication data was provided in the authorization request, you retain re-presentment rights.

Learn how to minimize chargebacks and fraud

Learn how to minimize chargebacks and reduce your processing costs. The Chargeback Management kit contains a video and an e-book:

• E-Book – Chargeback Manual (40 pages).
• Video – Card Acceptance Best Practices for Lowest Processing Costs (18 min).

The way customer service is provided in a card-not-present environment is quite different from the way it works in a face-to-face setting, yet the goal is the same: keeping customers satisfied with their shopping experience. Customers should be able to easily contact the merchant, whenever they have a question or a concern about an order, regardless of whether it is a brick-and-mortar store or an e-commerce retailer. Providing a convenient way for customers to contact you and addressing their questions in a timely and professional manner helps minimize disputes and chargebacks.

Consider incorporating the following best practices into your e-commerce organization’s customer service procedures:

• Offer an email inquiry option. E-commerce customers, just as their counterparts in physical stores, will have questions regarding a product, service or a detail of your shipping policy, for example. Providing an easy way for customers to contact you via email, followed up by a prompt response, will help minimize customer disputes and resulting chargebacks. The following best practices will help you do that:
  • Make your email contact option prominent and easily accessible on your website.
  • In order to make the handling of customer inquiries a more efficient process, provide separate email contacts for questions regarding your service / product information, customer support, back order and shipping information.
• Implement an email inquiry response policy. Consider the following best practices when developing and implementing such a policy:
  • Send auto-responder emails to your customers to acknowledge receipt of their email inquiries and to provide information on the expected time frame for submitting a response.
  • Ensure that your customer service department has enough staff to handle the incoming inquiries in a timely manner.
• Establish standards for email inquiry response and monitor your performance. Implement the following concrete procedures:
  • Set a standard time frame for responding to 100% of all email inquiries (for example 1 business day). You may consider using shorter time frames for responding to 75% or 90% of the inquiries.
  • Monitor your customer service staff’s performance to ensure that these standards are met and make adjustments, if necessary.
• Provide on your website a toll-free telephone number for customer service support. Many consumers prefer having their questions and concerns addressed in a conversation with a live person and are uncomfortable or unwilling to use the email response system. Implement the following best practices:
  • Prominently display on your home page a customer service toll-free number that customers can call.
  • Make sure that your customer service department is adequately staffed to handle all incoming calls in a timely manner.

Implementing these best practices into your organization’s customer service procedures will allow you to not only ensure that your customers’ concerns are adequately addressed, but it will also allow you to identify week spots in your business practices. You should regularly analyze the data from your customer service logs and make adjustments when necessary.

Learn how to lower your card acceptance cost

Learn how to accept credit and debit cards at the lowest processing costs. The Payment Card Acceptance kit contains a video and an e-book:

• Video – Card Acceptance Best Practices for Lowest Processing Costs (18 min).
• E-Book – Payment Card Acceptance Guide (19 pages).

All card-not-present transactions must be authorized before they are processed. The authorization response will typically be an approval or decline. E-commerce merchants need to develop a process for handling transactions after the authorization response is received and apply it consistently.

Obtaining authorization for card-not-present transactions. Obtaining an authorization is part of the process of verifying the cardholder’s identity and the validity of the transaction. When you submit your authorization request, consider the following:

• Avoid using a $1 authorization to verify if the account is in good standing.
• If the transaction has failed Verified by Visa or MasterCard SecureCode authentication, do not submit it for authorization, but instead request an alternative payment method.
• Include the card’s expiration date in your authorization request, but do not submit requests if the card is expired or no expiration date is provided.
• Obtain the card’s security code and submit it with the authorization request. Card security codes are the three-digit numbers that are found in the signature panels on the back of Visa (CVV2), MasterCard (CVC 2) and Discover (CID) cards and the four-digit numbers that are found slightly above and to the right of the account numbers of American Express (CID) cards.
• Obtain the cardholder’s billing address. You can submit an address verification (AVS) request to the card issuer separately or as part of the authorization request. Either way, you will receive an AVS response code, separate from the authorization response code, which will tell you whether or not the address provided by your customer matches the one the issuer has on file for their cardholder.

Once you receive the authorization response from the card issuer, you should be prepared to proceed with the transaction accordingly. Consider incorporating the following best practices into your post-authorization procedures:

• For approved transactions, email your customer an order confirmation. To reduce customer disputes, include in the order confirmation details about the purchase. This will also enable you to verify the cardholder’s email address. If the email address turns out to be invalid, you should research the situation and determine whether or not the order is legitimate.
• For declined transactions, review the situation and take appropriate actions. Consider contacting your customer to obtain corrected information or an alternative payment that may allow you to complete the sale. The following procedures should be followed:
  • Review authorization declines and contact customers to correct problems with their cards (e.g. wrong expiration date or card security code) or ask them for an alternative payment method.
  • If the card information is corrected, make sure to obtain authorization approval from the card issuer before completing the sale.
  • Regularly evaluate the success of your authorization decline review strategy and modify it, as needed.
• Monitor your transaction decline rates. This will help you identify potential problems in your post-authorization process. If the issues are adequately addressed, your approval rates and sales volumes will both increase, improving customer satisfaction in the process. In particular, you should:
  • Track your order declines by reason on a daily basis.
  • Separate transactions declined by the card issuer from those declined by you for suspected fraud or other reasons.

Learn how to lower your card acceptance cost

Learn how to accept credit and debit cards at the lowest processing costs. The Payment Card Acceptance kit contains a video and an e-book:

• Video – Card Acceptance Best Practices for Lowest Processing Costs (18 min).
• E-Book – Payment Card Acceptance Guide (19 pages).

There are two distinct types of services to enable e-commerce businesses to accept credit card payments: dedicated merchant accounts and third-party merchant accounts. Both types can come in different shapes and forms and the processing rates can vary widely, based on a variety of factors, but the main characteristics of each are listed below:

• Dedicated merchant account. With this type of service, the whole transaction cycle takes place on the merchant’s website. Once the customer selects the items to be purchased, he is taken to the check-out page, which is SSL-secured on the server hosting the merchant’s website. Then the merchant’s payment gateway gathers the transaction information, encrypts it again and sends it to the card issuer for authorization. The authorization response (approval or decline) is routed back to the merchant through the gateway and the transaction is completed.
• Third-party merchant account. With this type of service, the merchant outsources the payment processing part of the transaction cycle to a third party. Once the customer selects the items to be purchased, he is taken to a check-out page hosted on the third-party service provider’s server. The merchant does not have to worry about purchasing and installing SSL certificates and payment gateways, as all sensitive personal information is entered on the third-party provider’s server and it is responsible for securely handling it. PayPal, Google Checkout and Amazon Payments are a few well known third-party service providers.

The above descriptions make it evident that setting up a dedicated solution is a much more involving process, requiring a certain level of technical knowledge to put all the pieces together. Moreover, once the account is set up, it requires continuous maintenance and constant attention. Additionally, merchant account contracts typically last two or three years. So it is a legitimate question to ask what benefits you get from your dedicated service that can justify the investment of time to set one up and then to maintain it, rather than just outsource the whole thing.

Well, the answer would depend on your circumstances. If your business is more like a side project, with small credit card processing volumes and you don’t seriously intend to put in the effort required to grow it, you would probably be better off using a third party solution (one of the PayPals of the world). If, however, you are fully invested in the project and it is your primary occupation, you should consider setting up a dedicated solution when you first build your online store or just as soon as your processing volumes grow large enough to justify it. By that I mean that there is a break-even point, which is different for every business, beyond which the lower processing costs, associated with dedicated services, fully offset the investment required to set up the system. The main benefits of operating a dedicated merchant account are:

• Professional image. A dedicated merchant account is seen as a sign that the business is of a certain size and it is committed to providing a complete shopping service to its customers. In this case at least, perception is reality. Before they are allowed to set up a dedicated merchant account, businesses must go through a strict application process, through which the processing bank verifies the legitimacy and credit worthiness of both the organization and its owners.
• Lower processing costs. The difference in processing rates between direct merchant accounts and third party solutions are significant and can add up, even for smaller businesses. A comparison between an average e-commerce merchant account, with rates of 2.15% plus $0.25 per transaction, and PayPal, with rates of 2.90% plus $0.30 per transaction, shows that the difference can be as high as 0.75% + $0.05 per transaction for merchants that process less than $3,000.00 per month. For a small business that processes $3,000.00 per month with an average transaction amount of $25.00, the dedicated solution would provide savings of $342.00 per year.
• Control over your account. With a third party solution, your processor has a complete control over your payment processing activities. In fact, the whole transaction process is conducted on their server. With direct solutions you get your money within a day or two, while third-party processors can hold it for longer and are much likelier to frieze your account in a case of a dispute over a particular transaction.

Learn how to lower your card acceptance cost

Learn how to accept credit and debit cards at the lowest processing costs. The Payment Card Acceptance kit contains a video and an e-book:

• Video – Card Acceptance Best Practices for Lowest Processing Costs (18 min).
• E-Book – Payment Card Acceptance Guide (19 pages).