The Ins and Outs of Surcharging

The subject of surcharging is one that has caused a great deal of confusion in our industry for quite some time. However, because the United States District Court for the Eastern District of New York preliminarily approved a proposed settlement agreement in the In re Payment Card Interchange Fee and Merchant Discount Antitrust Litigation in November 2012, we are starting to see some clarification from the card associations.

As a result of the settlement agreement, Visa and MasterCard recently changed their Operating Regulations, giving merchants in the U.S. the ability to surcharge credit card transactions beginning January 27, 2013. To help understand the new rules, see the following summary of the rule changes.

A surcharge, sometimes called a checkout fee, is an additional fee that a merchant adds to a consumer’s bill when he or she uses a card for payment. 

Here are a few rules regarding surcharging:

1. Surcharging is prohibited on debit and prepaid cards.

2. The surcharge must be the same for all credit card transactions of that brand, regardless of issuer.

3. The surcharge must be no greater than the merchant’s average discount rate for that brand’s credit card transactions.

4. The surcharge cannot exceed 4% in any event.

5. The surcharge must be the same for all transactions of that particular product, regardless of the card’s issuer.

6. The surcharge must be no greater than the merchant’s average discount rate for credit card transactions of that particular product, minus the regulated debit interchange rate (currently 0.05% + $0.22).

For U.S. merchants that accept credit or charge cards from other payment network brands, including American Express, Discover, and PayPal, surcharging practices are subject to a competitive “level playing field” limitation.

If the merchant accepts a competing payment network brand (e.g., MasterCard) that is as or more expensive to the merchant than another brand (e.g., Visa), the merchant may surcharge one brand’s (MasterCard’s) credit cards only in the same way as the merchant would be allowed to surcharge the competing payment network’s (Visa’s) credit card.

If the merchant accepts a competing payment network brand of credit card that prohibits the merchant from surcharging in a particular channel of commerce (i.e. either face-to-face or non-face-to-face), the merchant may not surcharge one brand’s credit cards unless it also surcharges the competing payment network’s credit cards regardless of the cost of that card to the merchant. In this case, the amount of the surcharge on the competing brand must be at least the lesser of the cost to accept the competing brand’s credit cards or the surcharge imposed on the first brand’s cards.

Visa and MasterCard require that merchants who decide to surcharge credit card transactions must satisfy the following notification and disclosure requirements:

1. The merchant must provide 30 days advance written notice to Visa, MasterCard, and the acquirer.

2. The merchant must provide clear disclosure to its customers that it is imposing a surcharge, including the amount, and that the surcharge is not greater than the merchant’s discount rate.

3. The dollar amount of the surcharge must be provided on the transaction receipt.

A merchant can satisfy its disclosure obligation to MasterCard by emailing merchant_surcharge_notification@mastercard.com with its business name, phone number, and merchant number, and disclosing its intent to surcharge.

Merchants who choose to surcharge must notify Visa 30 days prior to beginning to surcharge; visit https://usa.visa.com/merchantsurchargenotification/inquiry to notify Visa. 

Merchants who choose to surcharge must also notify Arrow Payments 30 days prior to beginning to surcharge.

Please note, there are 10 states that have laws that limit or prohibit surcharging. These states include California, Colorado, Connecticut, Florida, Kansas, Maine, Massachusetts, New York, Oklahoma and Texas. Please consult your legal advisor to make sure you comply with applicable state and local laws.

Visa has created numerous resources on this topic, including Frequently Asked Questions and other documents that can help merchants decide if they should surcharge their customers. These resources can be found at www.visa.com/merchantsurcharging.

MasterCard also provides additional information on its website at www.mastercard.us/merchants/support/surcharge-rules.html.

If you are curious about implementing surcharging to help offset credit card charges, keep in mind the effects it may have on your particular customer base. 

Feel free to contact a representative at Arrow Payments with any questions about surcharging.

The Benefits of Being PCI Compliant

With all the complaining about becoming PCI compliant, it is easy for merchants to lose sight of the PCI program’s benefits. Remember, PCI compliance acts as your payment processing safety net—if you ever fall, you’ll be glad it’s there. 

Besides being a merchant’s lifesaver, what are the other benefits to being PCI compliant?

Protection Against (Potential) Security Breaches
I say potential, but that doesn’t mean security breaches are a rarity. They are very real, and can mean the end of your processing days—and your business. In order to become PCI compliant, you will need to answer a questionnaire about the way your business processes transactions. Depending on how you process (through a gateway, POS terminal, etc.), you may be prompted to do a security scan of your system. A scan will pinpoint any weaknesses so you can proactively nip them in the bud, before they become an even bigger issue.

Our gateway’s API provides a unique 3-step redirect process, and also stores sensitive cardholder data through tokenization in our secure off-site vault, so you are already 90% of the way to achieving PCI compliance. 

Sigh of Relief
The process of becoming compliant informs you of the safest processing practices, and which old methods to leave behind. In many cases, merchants aren’t even aware that some of their methods (writing down credit card numbers, for instance) aren’t secure.

Being PCI compliant offers you peace of mind, and less time spent worrying about security breaches means more time focusing on your business.

Boost in customer confidence
Ecommerce transactions require customers to input all of their sensitive card data onto your site—which makes some a little iffy. Because you require your customers to provide so much detail, it is important to reassure them of your site’s security along the way.

Even if your customers don’t know the PCI compliance basics, a positive and secure shopping experience is likely to promote return business. In addition, with security breaches appearing in the news more frequently, in-the-know customers will be seeking out compliant merchants over non-compliant ones.

Avoid costly fines
I cannot stress enough how the cost of becoming compliant (measured in minutes) greatly outweighs the cost of a security breach (measured in dollars). The cost of fines—up to $500,000!—could cost you your business, and/or prevent you from accepting credit cards in the future. Think of becoming compliant like tearing off a Bandaid—the longer you wait, the more it hurts.

At Arrow Payments, we do our best to make the process of getting PCI compliant as quick and painless as possible. As soon as you sign up and get approved, a member of our team will call you and walk you through the self-assessment questionnaire. 

Arrow Payments provides a Simply Better solution for processing payments online. Have a question? Tweet Antonia at @ArrowPayments

6 Tips to Improve Your Ecommerce Website

There are many benefits of making your products available for sale through your ecommerce website—increasing revenue and expanding your customer base to name a few.  

But simply setting up an ecommerce website, and dumping your product catalog into your shopping cart software isn’t enough. Usability, navigation, and design make the difference between just browsing and actually buying.

1. Keep It Simple
The whole point of having an ecommerce store is to sell your products, so why make it difficult for your customers to find what they’re looking for? Finding a product to purchase shouldn’t be a scavenger hunt, so it’s essential to simplify your site navigation. Create a clear hierarchy/dropdown menu for customers to browse by category. Customizable sort options—by price, arrival, brand, etc—can also help your customers find what they want, fast.

Additionally, consider simplifying the registration process if you require it to complete a purchase. Complex and lengthy registration can cause customers to abandon their cart at the checkout.

2. A Picture is Worth a Thousand Sales
The downside of making purchases online is not being able to physically see the product yourself. It sounds simple, but having a picture to accompany a product can be the difference between sale and no sale. Depending on your merchandise, you may also want to add multiple images of the same product from different angles. When a customer can actually see what they’re getting, there’s a considerably lower chance that they’ll return it.

3. Go Into Detail
Your customers should never have to leave your site to find information on a product you sell. If they do, you risk losing the sale—especially if another ecommerce site comes up in the search results. It is essential that your product catalog—descriptions and specs included—be seamlessly incorporated into your ecommerce site.  

4. It’s All Relative
If you aren’t linking to related products, you’re missing out on a huge selling opportunity. When a customer views a product on your site, they should be offered a list of products that fall in the same category your customer is searching. Not only does this provide customers with options, but it also helps to establish return business.

5. Cover Your Customer Service Bases
Just because ecommerce sales take place online doesn’t mean you don’t have to work for the sale. Businesses can sometimes forget that a successful ecommerce website requires support team manpower. Easy-to-use, easy-to-find contact info can help customers address any issues or ask any questions efficiently and privately.

It’s always good business practice to have your customer service policies listed up front, and most merchant providers (including us) actually require it. Return and refund policies should be prominently displayed to avoid any headaches down the road—i.e. chargebacks.

Likewise, consider including a shipping rates calculator or make the various shipping rates visible throughout the shopping experience. Sites that don’t clearly state shipping costs up front risk losing sales when the final total is added up.

6. Take the Process Out of Processing
And last but certainly not least, make payment processing easy. The customer has made it this far, but functionality issues at checkout can cause a potential purchaser to cut and run. Your customer should be able to select, purchase and confirm the sale without hassle—thus the need for integrated shopping cart software. Many shopping cart providers also offer open support, and can act as an additional safety net should any glitches appear.

Also, make a point to accept a wide range of payment options. Simply accepting Visa and Mastercard will lose you AmEx, Discover, and gift card users who were planning on purchasing. If you are hesitant about adding American Express to your list of accepted cards for fear of high fees, don’t be. In fact, the cost of accepting AmEx is (literally) pennies compared to the cost of losing a sale. Check out our pricing page for a detailed breakdown.  

At Arrow Payments, we review the ecommerce sites of all our merchants to make sure they have all of these elements in place before they begin processing with us. 


The 4 Most Dangerous Things Merchants Do

It’s a scary thought, but you could be PCI non-compliant without even realizing it. Protect your business and your customers by avoiding the following bad processing practices:

Scenario 1: You want to save your regular customers time by keeping their credit card numbers on file so they can get in, get out, and everyone’s happy.

Well, not everyone. While storing credit card numbers can save time, it also puts you at serious risk of a security breach. You should never write down credit card numbers to store them in a file on site or on your computer. Instead, utilize a gateway that allows merchants to store credit card details, including level 2 and level 3 data, in a secure cloud server offsite.

Scenario 2: A customer makes a payment offsite, and emails you his payment details—credit card number, expiration date, CVV code, the whole shebang.  

Never receive or send payment card details via email. Even split up into multiple emails, the truncated card number can still be easily accessed by computer-savvy data thieves—or anyone with access to your email. The Arrow Payments gateway allows you to send your customers invoices via email, which they can pay by completing a secure payment form linked to the emailed invoice. It’s just as easy as submitting card details by email, but 100% safer.

Scenario 3: All of your employees are able to access terminals and gateways through one main login and password.

You may not have even considered it, but employee theft is always a possibility. To protect your business and customers from credit card data theft, never use terminals and gateways without user-specific logins and passwords. If employee theft does occur, you will be able to isolate the breach by identifying the employee’s login. Make sure all of your employees have individual logins, and customize accounts so that you control how much access they have.  

Scenario 4: To ensure that your employees provide the best customer service possible, you have set up a system that records all calls made to your business.

If your business is utilizing a call recording system, you may not verbally transmit credit card details over the phone. That doesn’t mean you have to get rid of the recording system, it just means you can’t take payments over the phone. Using an e-invoicing tool (like the one on our gateway) will make taking payments quick, easy, and phone call free.

If any of the above scenarios hit a little too close to home, it’s time to get out of the danger zone and onto PCI compliant processing. Still not clear on what PCI compliance is? No worries, there’s a blog for that.


5 Ways to Use the Arrow Payments Gateway

We’re a team of multi-taskers, and we created our gateway in the same vein. Why serve just one function, when you can seamlessly handle 5? The Arrow Payments gateway doesn’t just move your money; it moves your entire business into the future—and an efficient future at that!

There are 5 ways to use the Arrow Payments gateway. That’s 5 excellent tools for the price of one. 5 more reasons to love us. 5 less things you have to do. I could keep going, but instead let me present the Fabulous 5:

1. Virtual Terminal – A virtual terminal is a web-based payment processing platform that allows you to process phone, mail, and POS transactions instantly online. Remote login allows you to access and process over the virtual terminal anywhere with internet access.

2. Transparent Redirect—Payments are received via Arrow’s payment form, which can be integrated with your own website. We simplify PCI by keeping sensitive data on our servers and off yours. Find out more about the magic behind Transparent Redirect here.

3. API—Arrow’s Application Programming Interface (API) is simple, modern, and a web developer’s dream. Our API can easily integrate into any mobile application or shopping cart software your ecommerce website may be using.

4. Recurring Billing—Transactions are automatically billed to customers via a schedule set up on the Arrow Payments website. Billing cycle lengths and due dates are all completely customizable to suit your business. The gateway will also alert you when your recurring customer’s credit cards are expiring.

5. Invoices—The gateway invoicing tool allows you to initiate customer bills through email. Clients are sent to our servers to make a payment and reports notify you of the transaction status, ensuring that you never physically or electronically come into contact with sensitive cardholder data—making PCI compliance simple and secure.  You also have the ability to resend the email until the bill gets paid.

The Arrow Payments gateway is the Swiss Army knife of payments processing—all the tools you’ll ever need, in one sharp little package. 


The FAQs on SAQs

A few months ago, I wrote about the basics of PCI Compliance. To jog your memory, everyone hates this. To jog your memory more accurately, PCI Compliance is a mandatory security standard put in place by the card companies, and requires that you provide information about the way you process transactions. To become compliant, you will have to complete a Self Assessment Questionnaire (SAQ) online where you will be asked a series of yes or no questions about how you process credit card transactions.

The SAQ is a validation tool for merchants and service providers to ensure your business is using the correct security practices. The process begins with a series of 5 questions. Depending on how you answer the initial 5 questions, the correct SAQ should be automatically prompted. It helps if you think of it like a choose-your-own-adventure book. Your next adventure? More questions!

Which SAQ Do I Need?
There are multiple versions of the SAQs to meet multiple business scenarios. Some merchants are lucky—the required questionnaire is short and sweet. For others, not so much. If you process transactions over an Ethernet connection, your SAQ will be longer.  To find out which SAQ is for you, check the list below:

SAQ A: This is for e-commerce or mail/telephone-order merchants where the card is not present at the time of transaction. No brick and mortar stores should be using SAQ A.

SAQ B: Merchants who use an imprinter (often lovingly referred to as a knuckle-buster) during transactions, or utilize a stand-alone terminal not connected to the internet. Anyone completing SAQ B must not store cardholder data electronically.

SAQ C: This is for merchants with point-of-sale systems that only connect to the internet for authorization, and do not electronically store cardholder data. The merchant must not be connected to other locations or other systems within the organization’s environments (i.e. a corporate office).

SAQ D: All other merchants who do not fit into the above criteria.  The first 3 SAQs are designed for very specific processing scenarios. SAQ D is a catch-all for the others.

It is essential that you answer the first 5 questions correctly so you are not prompted to complete the wrong questionnaire. Certain SAQs require a scan of your system, but the process is painless and only takes a few minutes to complete. If you are not sure how to answer a question—the wording can get unnecessarily confusing—please check with your merchant account provider or acquiring bank before proceeding.

At Arrow Payments, we are committed to making PCI Compliance as painless as possible. We get all merchants compliant immediately as part of the application process, and assist them in choosing the appropriate questionnaire. Becoming PCI Compliant is necessary, but also confusing, and that’s why we’re always here to help. 


A Tokenization of Our Appreciation

We’ve already established that no one likes the hassle of PCI Compliance. Sure, it’s secure, but maintaining that security can be excruciatingly time consuming for both merchants and their recurring customers. Not anymore. Tokenization is the key to beefing up security and simplifying recurring transactions—all while avoiding PCI compliance issues.

How does it work? Glad you asked! Simply give me your credit card number, and I will give you a token to play your favorite arcade game at Chuck-E-Cheese. Wait—wrong kind of token. Ok so there’s no skee-ball, but what tokenization actually is is even cooler.  

So What Is Tokenization?

Tokenization is the process of replacing sensitive data (like credit card numbers) with non-decryptable data, taking your security to the next level of functionality. When a merchant enters a credit card number into their gateway, it generates a random series of proxy numbers, or token, to replace the card number. Once a credit card number has been tokenized, it can be used later to conduct transactions using the stored card without actually storing the card number.

The token then becomes a unique customer identifier, which makes recurring transactions and future purchases a breeze. The only numbers from the original card number that remain are the last four digits, which become the first four of the token. The token can only be used on that merchant’s gateway, making it virtually impossible for a credit card number to be stolen. And, in the extremely rare case that there is a breach, data thieves will access only the token, which is completely useless out of the context of the gateway. Take that, hackers!

On the off chance that you aren’t as riveted by tokenization as we are at Arrow Payments, let me break the process down for you:

1.    The merchant accepts a credit or debit card payment

2.    The merchant inputs the cardholder data into the gateway

3.    A token is then generated to replace the credit card number

4.    The token—not the cardholder data—is stored in the merchant’s vault for later use
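The four steps above, written out in Python as an added example (not Arrow Payments' gateway code). The class `GatewayVault`, its method names, the merchant IDs and the 16-digit token length are assumptions; the card number is a well-known test value.

```python
import secrets


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class GatewayVault:
    """Hypothetical gateway-side vault; the merchant never holds this mapping."""

    def __init__(self):
        self._pans = {}  # (merchant_id, token) -> card number

    def tokenize(self, merchant_id: str, card_number: str) -> str:
        pan = "".join(ch for ch in card_number if ch.isdigit())
        if not 13 <= len(pan) <= 19 or not luhn_ok(pan):
            raise ValueError("not a valid card number")
        while True:
            # Last four card digits lead the token; the rest is CSPRNG output,
            # so the random part has no mathematical link to the card number.
            token = pan[-4:] + "".join(secrets.choice("0123456789") for _ in range(12))
            # Added design choice (assumption): reject tokens that pass Luhn so
            # a token is never mistaken for a real card; also avoid collisions.
            if not luhn_ok(token) and (merchant_id, token) not in self._pans:
                break
        self._pans[(merchant_id, token)] = pan
        return token

    def charge(self, merchant_id: str, token: str, amount_cents: int) -> dict:
        # The lookup key includes the merchant, so a token taken from one
        # merchant resolves to nothing when presented by anyone else.
        pan = self._pans.get((merchant_id, token))
        if pan is None:
            raise PermissionError("unknown token for this merchant")
        # The card number is used here, inside the gateway, and never returned.
        return {"merchant": merchant_id, "card": "*" * (len(pan) - 4) + pan[-4:],
                "amount_cents": amount_cents, "status": "approved"}


def demo() -> dict:
    vault = GatewayVault()
    test_pan = "4111 1111 1111 1111"      # constructed input: standard test number
    token = vault.tokenize("merchant-A", test_pan)
    merchant_db = {"customer-42": token}  # everything the merchant stores
    receipt = vault.charge("merchant-A", merchant_db["customer-42"], 1999)
    try:
        vault.charge("merchant-B", token, 1999)  # same token, different merchant
        stolen_token_worked = True
    except PermissionError:
        stolen_token_worked = False
    return {"token": token, "receipt": receipt,
            "stolen_token_worked": stolen_token_worked}


if __name__ == "__main__":
    print(demo())
```
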

A theft-free way to store cardholder data which meets PCI compliance AND makes future transactions easy? Jackpot!

