The Benefits of Being PCI Compliant

With all the complaining about becoming PCI compliant, it is easy for merchants to lose sight of the PCI program’s benefits. Remember, PCI compliance acts as your payment processing safety net—if you ever fall, you’ll be glad it’s there. 

Besides being a merchant’s lifesaver, what are the other benefits to being PCI compliant?

Protection Against (Potential) Security Breaches
I say potential, but that doesn’t mean security breaches are a rarity. They are very real, and can mean the end of your processing days—and your business. In order to become PCI compliant, you will need to answer a questionnaire about the way your business processes transactions. Depending on how you process (through a gateway, POS terminal, etc.), you may be prompted to do a security scan of your system. A scan will pinpoint any weaknesses so you can proactively nip them in the bud, before they become an even bigger issue.

Our gateway’s API provides a unique 3-step redirect process, and also stores sensitive cardholder data through tokenization in our secure off-site vault, so you are already 90% of the way to achieving PCI compliance. 

Sigh of Relief
The process of becoming compliant informs you of the safest processing practices, and which old methods to leave behind. In many cases, merchants aren’t even aware that some of their methods (writing down credit card numbers, for instance) aren’t secure.

Being PCI compliant offers you peace of mind—and less time spent worrying about security breaches, means more time focusing on your business.

Boost in customer confidence
Ecommerce transactions require customers to input all of their sensitive card data onto your site—which makes some a little iffy. Because you require your customers to provide so much detail, it is important to reassure them of your site’s security along the way.

Even if your customer’s don’t know the PCI compliance basics, a positive and secure shopping experience is likely to promote return business. In addition, with security breaches appearing in the news more frequently, in-the-know customers will be seeking out compliant merchants over non-compliant ones.

Avoid costly fines
I cannotstress enough how the cost of becoming compliant (measured in minutes) greatly outweighs the cost of a security breach (measured in dollars). The cost of fines—up to $500,000!—could cost you your business, and/or prevent you from accepting credit cards in the future. Think of becoming compliant like tearing off a Bandaid—the longer you wait, the more it hurts.

At Arrow Payments, we do our best to make the process of getting PCI compliant as quick and painless as possible. As soon as you sign up and get approved, a member of our team will call you and walk you through the self-assessment questionnaire. 

Arrow Payments provides a Simply Better solution for processing payments online. Have a question? Tweet Antonia at @ArrowPayments

5 Ways to Use the Arrow Payments Gateway

We’re a team of multi-taskers, and we created our gateway in the same vein. Why serve just one function, when you can seamlessly handle 5? The Arrow Payments gateway doesn’t just move your money; it moves your entire business into the future—and an efficient future at that!

There are 5 ways to use the Arrow Payments gateway. That’s 5 excellent tools for the price of one. 5 more reasons to love us. 5 less things you have to do. I could keep going, but instead let me present the Fabulous 5:

1. Virtual Terminal – A virtual terminal is a web-based payment processing platform that allows you to process phone, mail, and POS transactions instantly online. Remote login allows you to access and process over the virtual terminal anywhere with internet access.

2. Transparent Redirect—Payments received via Arrow’s payment form which can be integrated with your own website. We simplify PCI by keeping sensitive data on our servers and off yours. Find out more about the magic behind Transparent Redirect here.

3. API—Arrow’s Application Programming Interface (API) is simple, modern, and a web developer’s dream. Our API can easily integrate into any mobile application or shopping cart software your ecommerce website may be using.

4. Recurring Billing—Transactions are automatically billed to customers via a schedule set up on the Arrow Payments website. Billing cycle lengths and due dates are all completely customizable to suit your business. The gateway will also alert you when your recurring customer’s credit cards are expiring.

5. Invoices—The gateway invoicing tool allows to you initiate customer bills through email. Clients are sent to our servers to make a payment and reports notify you of the transaction status, insuring that you never physically or electronically come into contact with sensitive cardholder data—making PCI compliance simple and secure.  You also have the ability to resend the email until the bill gets paid. 

The Arrow Payments gateway is the Swiss Army knife of payments processing—all the tools you’ll ever need, in one sharp little package. 

Arrow Payments provides a Simply Better solution for processing payments online. Have a question? Tweet Antonia at @ArrowPayments

The FAQs on SAQs

A few months ago, I wrote about the basics of PCI Compliance. To jog your memory, everyone hates this. To jog your memory more accurately, PCI Compliance is a mandatory security standard put in place by the card companies, and requires that you provide information about the way you process transactions. To become compliant, you will have to complete a Self Assessment Questionnaire (SAQ) online where you will be asked a series of yes or no questions about how you process credit card transactions.

The SAQ is a validation tool for merchants and service providers to insure your business is using the correct security practices. The process begins with a series of 5 questions. Depending on how you answer the initial 5 questions, the correct SAQ should be automatically prompted. It helps if you think of it like a choose-your-own-adventure book. Your next adventure? More questions!

Which SAQ Do I Need?
There are multiple versions of the SAQs to meet multiple business scenarios. Some merchants are lucky—the required questionnaire is short and sweet. For others, not so much. If you process transactions over an Ethernet connection, your SAQ will be longer.  To find out which SAQ is for you, check the list below:

SAQ A: This is for e-commerce or mail/telephone-order merchants where the card is not present at the time of transaction. No brick and mortar stores should be using SAQ A.

SAQ B: Merchants who use an imprinter (often lovingly referred to as a knuckle-buster) during transactions, or utilize a stand-alone terminal not connected to the internet. Anyone completing SAQ B must not store cardholder data electronically.

SAQ C: This is for merchants with point-of-sale systems that only connect to the internet for authorization, and do not electronically store cardholder data. The merchant must not be connected to other locations or other systems within the organization’s environments (i.e. a corporate office).

SAQ D: All other merchants who do not fit into the above criteria.  The first 3 SAQs are designed for very specific processing scenarios. SAQ D is a catch-all for the others.

It is essential that you answer the first 5 questions correctly so you are not prompted to complete the wrong questionnaire. Certain SAQ’s require a scan of your system, but the process is painless and only takes a few minutes to complete. If you are not sure how to answer a question—the wording can get unnecessarily confusing—please check with your merchant account provider or acquiring bank before proceeding.

At Arrow Payments, we are committed to making PCI Compliance as painless as possible. We get all merchants compliant immediately as part of the application process, and assist them in choosing the appropriate questionnaire. Becoming PCI Compliant is necessary, but also confusing, and that’s why we’re always here to help. 

Arrow Payments provides a Simply Better solution for processing payments online. Have a question? Tweet Antonia at @ArrowPayments

A Tokenization of Our Appreciation

We’ve already established that no one likes the hassle of PCI Compliance. Sure, it’s secure, but maintaining that security can be excruciatingly time consuming for both merchants and their recurring customers. Not anymore. Tokenization is the key to beefing up security and simplifying recurring transactions—all while avoiding PCI compliance issues.

How does it work? Glad you asked! Simply give me your credit card number, and I will give you a token to play your favorite arcade game at Chuck-E-Cheese. Wait—wrong kind of token. Ok so there’s no skee-ball, but what tokenization actually is is even cooler.  

So What Is Tokenization?

Tokenization is the process of replacing sensitive data (like credit card numbers) with non-decryptable data, taking your security to the next level of functionality. When a merchant enters a credit card number into their gateway, it generates a random series of proxy numbers, or token, to replace the card number. Once a credit card number has been tokenized, it can be used later to conduct transactions using the stored card without actually storing the card number.

The token then becomes a unique customer identifier, which makes recurring transactions and future purchases a breeze. The only numbers from the original card number that remain are the last four digits, which become the first four of the token. The token can only be used on that merchant’s gateway, making it virtually impossible for a credit card number to be stolen. And, in the extremely rare case that there is a breach, data thieves will access only the token, which is completely useless out of the context of the gateway. Take that, hackers!

On the off chance that you aren’t as riveted by tokenization as we are at Arrow Payments, let me break the process down for you:

1.    The merchant accepts a credit or debit card payment

2.    The merchant inputs the cardholder data into the gateway

3.    A token is then generated to replace the credit card number

4.    The token—not the cardholder data—is stored in the merchant’s vault for later use

A theft-free way to store cardholder data which meets PCI compliance AND makes future transactions easy? Jackpot!

Arrow Payments provides a Simply Better solution for processing payments online. Have a question? Tweet Antonia at @ArrowPayments

A Beginners Guide to Level 3 Processing

If you’re in the business of business-to-business, you have probably heard of level 3 processing—but may have entirely no idea what it means. Well my friends, you are in luck. You’re about to get a level 3 crash course, save some money, and have some fun. Well, fun is a stretch, but money will definitely be saved.

Ready? Good, now let’s get you caught up. Level 3 processing is—you guessed it—the third in a three level hierarchy for how much data credit card authorization requires. These levels of data requirements determine whether or not a transaction is a qualified transaction. Qualified transactions have the least amount of risk associated with them, and therefore yield the lowest processing rate. A non-qualified transaction is subject to additional processing and transaction fees. It’s time to start memorizing your new mantra: Level 3 = lower fee.

The Basics
Level 1 and 2 transactions are run through a standard point-of-sale (POS) terminal using personal or corporate cards issued from an American bank. Level 3 transactions involve running a corporate or government card through a virtual terminal, or gateway. Most business-to-business (B2B) transactions made with a corporate credit card are processed as level 3 because they need much more data than business-to-consumer purchases. Level 3 processing requires a merchant to input much more detailed information about the product being purchased, similar to that of an itemized invoice—item description, quantity, tax rate, product code, etc.

I know what you’re thinking—that sounds horribly tedious. But stick with me friends—this is where the fun comes in! Our brand-new, state of the art Arrow Payments gateway automatically populates some of the extra data fields in advance, and saves your product information, item descriptions, and cardholder details to make the sale even easier the next time around. Think of the gateway as your personal payments genie, standing by to grant your level 3 wishes.

Level Up!
Not only do level 3 qualified transactions save you hefty processing fees, but because they are so detailed, they help merchants track the quantity and popularity of individual products. Level 3 transactions also help businesses monitor purchases being made on the corporate credit card. So, level 3 transactions benefit the merchant, they benefit the customer, and they benefit the processor. A processing solution where everyone wins? Now that’s next level.

Give us a call, let’s talk about how we can get you on our level.

Arrow Payments provides a Simply Better solution for processing payments online. Have a question? Tweet Antonia at @ArrowPayments

Payments Providers: How to Choose?

With so many payment processors to choose from, finding the one that’s right for you can pose a lot of questions: Should you choose a large processor? A boutique payment provider? What’s the difference? What’s the better deal?

Whether a merchant services company is a large processor or an ISO (independent sales organization), the bottom line is—they all work off the same costs. In fact, if a business has ever switched their merchant account from one payment provider to another, there’s a good chance that their transactions are still being authorized on the same network as before—just with different packaging. 

Even though the costs are relatively the same, not all merchant service providers are created equal—so what makes one payment processor differ from another? Their products, solutions, and service. 

What Sets Us Apart
Large ISO’s and processors have hundreds of thousands of merchants in all different industries using all different types of point of sale products and various payment gateways. While large processors boast an equally large number of clients across various industries, what you’re getting is a Jack of all trades, but a master of none. 

As a boutique provider specializing in internet payments, Arrow Payments provides our clients with the most advanced tools for online processing. Since internet payments are our focus, we know the challenges that ecommerce and B2B organizations have, and we have tailored our offerings specifically to address those issues. We know internet processing, because internet processing is what we do.

Why Smaller is Simply Better
Our gateway and processing service is all done in house, in the same office. We answer when you call, and most importantly, we give you the answers you need. Yes we’re smaller, but that only makes us stronger. Still not convinced? Here’s a taste of the experience you’ll have with a large processor versus the experience you’ll have with us:

What if I have a question about my account?
Them: Get comfortable, you’ll be on hold for awhile.
Us: Give us a call, we always answer.

What about PCI Compliance?
Them: Pricey and confusing—but you’ll probably figure it out…
Us: It’s free, and we’ll walk you through it. Seriously.

Will there be hidden fees?
Them: You betcha. Random fees are charged with little or no notice.
Us: Nope. We’re up front about our fees and they’re all listed on our website.

How does my processor see me?
Them: Client number 538,924
Us: Numero Uno! 

Arrow Payments provides a Simply Better solution for processing payments online. Have a question? Tweet Antonia at @ArrowPayments

Preventing Chargebacks

Chargebacks are a hassle for everyone involved—cardholders, merchants, processors—we all feel the blow of a chargeback. Funds are held, fees are incurred, and patience’s are tried. We’re all sick of them, so let’s nip those pesky chargebacks in the bud.

How, you ask? Here are just 5 best practices to prevent chargebacks on your end AND to avoid any (gasp!) fraudulent claims by dishonest customers. Yup, that happens—yet another reason it is best to be preventatively proactive.

1. One and done. Ensure that transactions are entered into the POS terminal or gateway only once. Mistakenly duplicated transactions can result in chargebacks that could have easily been prevented with a little attention to detail. This is one of those cases where being a little persnickety can be a big help (that, and it’s fun to say).

2. Make time to sign. Whenever possible, obtain the cardholder’s John Hancock at the time of the transaction. If the cardholder chooses to dispute the charge or even cite fraud, a signed receipt or invoice on file can be your saving grace.

3. Read them their (refund) rights. Many chargebacks occur when a cardholder is unable to get a refund for a product or service they’ve paid for, and are for some reason unsatisfied with. To avoid this, inform the cardholder of all policies regarding refunds or cancellation policies at the time of the transaction. Have your return policy pre-printed on all receipts, or make sure to write down the date items must be returned by.

4. Time is of the essence. Settle or batch transactions as quickly as possible to avoid late presentment chargebacks. Rule of thumb: always settle within 1-5 days after the transaction date—the sooner the better! To make it even easier on you, all Arrow Payments gateway merchants are set up for daily automatic batches, unless otherwise requested.

5. Set a date. If a customer wants to cancel a recurring transaction which is billed monthly or annually, make sure you respond to their request BEFORE the next billing cycle. Failure to respond to cancellation requests on time will most certainly lead to chargebacks from unhappy ex-customers.  

The best way to prevent chargebacks is by communicating with your customers. If they aren’t thrilled with a service you’ve provided, tell them about your refund or credit policy. If a product they have ordered has been delayed, tell them when they can expect it. 

Arrow Payments is a Simply Better way of processing online payments. 
Have a question? Tweet Antonia at @ArrowPayments 

Sucker Punched: The Truth About Dues and Assessments

Just like the movie, “Fight Club”, the payments industry has a set of rules. And, rule number one is: we don’t talk about credit card processing fees.  But at the risk of incurring the wrath of Tyler Durden, I am about to break the cardinal rule.

The truth is, you have been paying hundreds of Interchange fess, and dozens of Dues & Assessments since you began accepting credit cards. These costs are rarely published and are often cleverly hidden. If your current credit card fees are grouped into categories, commonly referred to as Qualified, Mid-Qualified, and Non-Qualified, your processor is still charging you Interchange as well as Dues and Assessments.

Now, before you go all Project Mayhem on the processing industry, let me tell you how we’re changing all that.

Arrow Payments merchants are all set up with Interchange-plus pricing, which means we show you every fee that is being paid to Interchange and for Dues and Assessments, as well as our processing markup to provide your gateway and merchant services. We do this for several reasons: full transparency, helping you pay the closest to true cost as possible, and the ability to take advantage of Interchange benefits like the Durbin Amendment and credits on refunds, to name just a few.

In essence, Dues and Assessments are paid directly to the Card Associations for the use of the Card Brand, and the ability to process credit and debit card transactions on their payment networks. I know what you’re thinking—Just how many people does it take to process a credit card? The answer is a lot, but with good reason.

We don’t make the rules, but we do have to play by them. That being said, we play hard, fair, and give you the best chance at winning. No processor has lower Interchange fees or Dues and Assessments, despite what those tricky salespeople have to say. And if anyone thinks they can top us, we’ll have no choice but to invite them to our own fight club. 

Below is a detailed list of Dues and Assessments. To review the most up-to-date Interchange categories, please follow the links on our website’s “Pricing” page.

Visa Dues & Assessments

Charged on all transactions
Assessments: 0.11% 
Charged on all dollars processed

Acquirer Processing Fee: $0.0195 
Charged per transaction

Charged only when certain criteria applies
Zero Floor Limit: $0.10 
Applies to cleared transactions that can’t be matched to a previously authorization.

Misuse of Auth: $0.045 
Applies to authorizations that are not followed by a matching clearing transaction.

Zero Dollard Verification Fee: $0.025 
Applies when you want to verify a cardholder’s information without actually authorizing an amount.

International Acquiring Fee: 0.45% 
Applies to U.S. acquired transactions paid for with a card issued outside of the U.S.

International Service Assessment: 0.40% 
Also applies to U.S. acquired transactions paid for with a card issued outside of the U.S.

MasterCard Dues & Assessments

Charged on all transactions
Assessments: 0.11% 
Charged on all dollars processed

NABU (Network Access & Brand Usage) Fee: $0.0185 
Charged per transaction

Charged only when certain criteria applies
Assessment Large Ticket: 0.13% 
This assessment applies to consumer and business credit volume on transactions of $1,000 or greater. This assessment does not apply to signature debit transactions regardless of size.

Foreign Sales Assessment Fee: 0.40% 
Applies to U.S. acquired transactions paid for with a card issued outside of the U.S.

Acquirer Program Support Fee: 0.55% 
Applies to U.S. acquired transactions paid for with a card issued outside of the U.S.

Processing Integrity Fee: $0.055 
Charged when transactions are settled more than 24 hours after authorization, or if an authorization transaction cannot be matched to a corresponding settlement record after a period of 120 days. 

Discover Dues & Assessments

Charged on all transactions
Assessments: 0.10% 
Charged on all dollars processed

Data Usage Fee: $0.0185 
Charged per transaction

Charged only when certain criteria applies
International Processing Fee: 0.40% 
Applies to U.S. acquired transactions paid for with a card issued outside of the U.S.

International Service Fee: 0.55% 
Applies to U.S. acquired transactions paid for with a card issued outside of the U.S.

Arrow Payments provides a Simply Better solution for processing payments online. Have a question? Tweet Antonia at @ArrowPayments

Theme created by: Roy David Farber. Based on concepts from: Hunson's Black and Blue Eyes theme. Powered By: Tumblr.
1 of 1