WORD TO THE WISE: CUSTOMIZE!

In the buffet of gateway technology, not everyone will fill their plate the same way. Some have a taste for particular features, while others loathe the thought of getting anywhere near them.  Here at Arrow Payments, we encourage everyone to take a trip to the Gateway Buffet and take exactly what they like.  Even if you change your mind and don’t want those brussel sprouts, you can put them back.  Customization is awesome and we want you to get exactly what you want!  Here are some of the ways we can cater your gateway to your business:

·         QUICKBOOKS: Arrow Payments can integrate directly with Quickbooks Pro, Quickbooks Premier and Quickbooks Enterprise (2007+)

·         DUPLICATE THRESHOLD: The processor can check for duplicate card numbers within a specified time.  This will protect double charges from occurring.

·         VERIFIED BY VISA: The Verified by Visa benefits to merchants are clear: even if the cardholder isn’t enrolled in the program, or the issuer isn’t participating, the merchant is not liable for certain fraud-related chargebacks.

·         MOBILE PAYMENTS: Take payments on your iOS or Android device.

·         REQUIRED FIELDS: Decide which fields are necessary for your transactions; the more information you provide, the more protection you have in the event of chargebacks. Also you are eligible for additional savings when providing more information about transactions. But if speed is more your style than trim back on the details and get it done fast!

·         Allow Acceptence w/out Expiration Date: For stored customer cards you may prefer this option so that you will never need to update a cardholders changing expiration date.

·         Customer Vault: This feature comes standard with Arrow Payments, allowing you to save customer payment information safely in the cloud. You can look customers up by name to charge at a later date, without having to type in all those pesky details again.

·         Next Day Funding: You want your money fast. For that we can offer you the express funding option so that you see your money in your bank account within 24 hours!

·         Level 3 Processing: Level 3 processing can save you money depending on your business type and the types of cards you take.  Just another way to save you some dough!

So fill up your plate!  There are never lines at the Arrow Payments Gateway Buffet.  We’ll even help you carry your ice cream sundae back to the table if your hands are full!  

The Ins and Outs of Surcharging

The subject of surcharging is one that has caused a great deal of confusion in our industry for quite some time. However, because the United States District Court for the Eastern District of New York preliminary approved a proposed settlement agreement in the In re Payment Card Interchange Fee and Merchant Discount Antitrust Litigation in November 2012, we are starting to see some clarification from the card associations.

As a result of the settlement agreement, Visa and MasterCard recently changed their Operating Regulations, giving merchants in the U.S. the ability to surcharge credit card transactions beginning January 27, 2013. To help understand the new rules, see the following summary of the rule changes.

A surcharge, sometimes called a checkout fee, is an additional fee that a merchant adds to a consumer’s bill when he or she uses a card for payment. 

Here are a few rules regarding surcharging:

1. Surcharging is prohibited on debit and prepaid cards.

2. The surcharge must be the same for all credit card transactions of that brand, regardless of issuer.

3. The surcharge must be no greater than the merchant’s average discount rate for that brand’s credit card transactions.

4. The surcharge cannot exceed 4% in any event.

5. The surcharge must be the same for all transactions of that particular product, regardless of the card’s issuer.

6. The surcharge must be no greater than the merchant’s average discount rate for credit card transactions of that particular product, minus the regulated debit interchange rate (currently 0.05% + $0.22).

For U.S. merchants that accept credit or charge cards from other payment network brands, including American Express, Discover, and PayPal, surcharging practices are subject to a competitive “level playing field” limitation.

If the merchant accepts a competing payment network brand (e.g., MasterCard) that is as or more expensive to the merchant than another brand (e.g., Visa), the merchant may surcharge one brand’s (MasterCard’s) credit cards only in the same way as the merchant would be allowed to surcharge the competing payment network’s (Visa’s) credit card.

If the merchant accepts a competing payment network brand of credit card that prohibits the merchant from surcharging in a particular channel of commerce (i.e. either face-to-face or non-face-to-face), the merchant may not surcharge one brand’s credit cards unless it also surcharges the competing payment network’s credit cards regardless of the cost of that card to the merchant. In this case, the amount of the surcharge on the competing brand must be at least the lesser of the cost to accept the competing brand’s credit cards or the surcharge imposed on the first brand’s cards.

Visa and MasterCard require that merchants who decide to surcharge credit card transactions must satisfy the following notification and disclosure requirements:

1. The merchant must provide 30 days advance written notice to Visa, MasterCard, and the acquirer.

2. The merchant must provide clear disclosure to its customers that it is imposing a surcharge, including the amount, and that the surcharge is not greater than the merchant’s discount rate.

3. The dollar amount of the surcharge must be provided on the transaction receipt.

A merchant can satisfy its disclosure obligation to MasterCard by emailing merchant_surcharge_notification@mastercard.com and providing them with your business name, phone number, and merchant number and disclosing your intent to surcharge.

Merchants who choose to surcharge must notify Visa 30 days prior to beginning to surcharge; visit https://usa.visa.com/merchantsurchargenotification/inquiry to notify Visa. 

Merchants who choose to surcharge must also notify Arrow Payments 30 days prior to beginning to surcharge.

Please note, there are 10 states have laws that limit or prohibit surcharging. These states include California, Colorado, Connecticut, Florida, Kansas, Maine, Massachusetts, New York, Oklahoma and Texas. Please consult your legal advisor to make sure you comply with applicable state and local laws.

Visa has created numerous resources on this topic, including Frequently Asked Questions and other documents that can help merchants decide if they should surcharge their customers. These resources can be found at www.visa.com/merchantsurcharging.

MasterCard also provides additional information on its website at www.mastercard.us/merchants/support/surcharge-rules.html.

If you are curious about implementing surcharging to help offset credit card charges, keep in mind the effects it may have on your particular customer base. 

Feel free to contact a representative at Arrow Payments with any questions about surcharging.

The 4 Most Dangerous Things Merchants Do

It’s a scary thought, but you could be PCI non-compliant without even realizing it. Protect your business and your customers by avoiding the following bad processing practices:

Scenario 1: You want to save your regular customers time by keeping their credit card numbers on file so they can get in, get out, and everyone’s happy.

Well, not everyone. While storing credit card numbers can save time, it also puts you at serious risk of a security breach. You should never write down credit card numbers to store them in a file on site or on your computer. Instead, utilize a gateway that allows merchants to store credit card details, including level 2 and level 3 data, in a secure cloud server offsite.

Scenario 2: A customer makes a payment offsite, and emails you his payment details—credit card number, expiration date, CVV code, the whole shebang.  

Never receive or send payment card details via email. Even split up into multiple emails, the truncated card number can still be easily accessed by computer-savvy data thieves—or anyone with access to your email. The Arrow Payments gateway allows you to send your customers invoices via email, which they can pay by completing a secure payment form linked to the emailed invoice. It’s just as easy as submitting card details by email, but 100% safer.

Scenario 3: All of your employees are able to access terminals and gateways through one main login and password.

You may not have even considered it, but employee theft is always a possibility. To protect your business and customers from credit card data theft, never use terminals and gateways without user-specific logins and passwords. If employee theft does occur, you will be able to isolate the breach by identifying the employee’s login. Make sure all of your employees have individual logins, and customize accounts so that you control how much access they have.  

Scenario 4: To insure that your employees provide the best customer service possible, you have set up a system that records all calls made to your business.

If your business is utilizing a call recording system, you may not verbally transmit credit card details over the phone. That doesn’t mean you have to get rid of the recording system, it just means you can’t take payments over the phone. Using an e-invoicing tool (like the one on our gateway) will make taking payments quick, easy, and phone call free.

If any of the above scenarios hit a little too close to home, it’s time to get out of the danger zone and onto PCI compliant processing. Still not clear on what PCI compliance is? No worries, there’s a blog for that

Arrow Payments provides a Simply Better solution for processing payments online. Have a question? Tweet Antonia at @ArrowPayments

What is a Payment Gateway?

All of the blogs I’ve written have been about the amazing benefits of using a payment gateway for your ecommerce site. I’ve been so excited to share all the great features of our gateway with you that I may have skipped over the most important part—explaining the magic behind it all!

A payment gateway facilitates the transfer of information between your ecommerce website, mobile phone, or point of sale system, and your merchant account in a secure, encrypted format. In other words, the gateway is the armored truck that moves your customer’s money to your account, safely and securely.

Each transaction made on a payment gateway is sent through SSL (Secure Sockets Layer) to a processor for approval. It sounds like it’d be a long trip, but really it takes about 2-3 seconds. Throughout each business day the gateway sends (still via that bulletproof, fraud-proof, error-proof armored car!) all your day’s transactions to be stored in our secure vault, and then releases them as a single batch to deposit into your account.

What’s So Great About Arrow Payment’s Gateway?

In a word, everything! If you’ve read any of our blogs, or visited our website, one thing should be abundantly clear: we’re REALLY excited about our gateway, and with good reasons: 

  • For one thing, our gateway was created, and is supported, in house so if you have any questions, we’ll never outsource your call. Just call one number, and reach a team of gateway experts.
  •  Advanced reporting tools come standard in our gateway, so searching for transactions and comparing sales volumes is a breeze.
  • All our fabulous features and user accounts are fully customizable to meet your specific needs.
  • Our easy invoicing tool allows you to initiate customer bills through email.
  • Our gateway allows you to set up billing plans and subscriptions, initiate trial periods, pull billing reports, and update expired credit cards.
  • The best part—the gateway sends all sensitive information to be stored in our secure vault, so no cardholder data even touches your system at all!

The Arrow Payments gateway offers the best of both worlds—the bells and whistles to take tracking your ecommerce transactions to the next level, and the user-friendly simplicity that makes it all possible.

Arrow Payments provides a Simply Better solution for processing payments online. Have a question? Tweet Antonia at @ArrowPayments

Transparent Redirect: You Don’t Have to See It to Believe It

Stop being haunted by PCI Compliance and process transactions easily and securely. How, you ask? By using Transparent Redirect—an ecommerce merchant’s friendly ghost!

Transparent redirect allows you to collect your customer’s payment information without bearing the heavy burden of keeping their information secure—leave that to us. We store all your customer’s payment data and your transaction history on our secure servers, not yours.  

In case you didn’t catch it the first time, and because it’s too awesome not to share, transparent redirect insures that absolutely no cardholder data is stored on your system. It’s stored in our super secure vault (guarded by rabid dogs and viruses and everything data thieves hate), eliminating all possibility of a breach.

Transparent redirect goes hand-in-hand with our other magical friend, Tokenization. With their powers combined, you’ve got a veritable invisible army keeping you, your customers, and your data safe.

Here’s how it works:
1. The customer gets to the payment page on your ecommerce website.
2. The customer submits the payment information required directly to OUR secure vault.
3. Our vault redirects the customer’s browser back to the payment page.

—It’s called transparent redirect, because to the customer,
it appears as though they’ve never left the page!—

4. The customer’s browser receives a tokenized credit card parameter.  
5. Finally, YOUR server processes the payment (using the token, NOT the actual card number) and informs the customer that their purchase was either approved or declined.

See what I mean? Blink and you’ll miss the magic. Transparent redirect allows the customer to believe they are making a payment on your website, but really, no credit card info goes onto your system at all. Not only is it secure, but because no cardholder data goes onto your site, it’s impossible to break PCI compliance.

So stop sleeping with the lights on, transparent redirect has got you covered.

Arrow Payments provides a Simply Better solution for processing payments online. Have a question? Tweet Antonia at @ArrowPayments

What is PCI Compliance?

PCI Compliance is a huge hassle put in place by credit card companies solely to annoy merchants. Right?

Wrong. The truth is, PCI Compliance wasn’t created to get in your way—it actually helps your business process payments with ease.  PCI Compliance is a security standard required by all businesses that handle, process or store credit cards. Created in response to the increasing number of security breaches, the Payment Card Industry Data Security Standard (PCI DSS) ensures that all merchants maintain secure processing practices.

Why Do I Need to Become Compliant?

You just have to. In order to make any credit card transactions, your business will need to become PCI Compliant—no exceptions, no bribes. That being said, you can still send us delicious treats if you think it will help.

No business is too big or too small to be the victim of a security breach. National brands like Bank of America and LexisNexis have both been hit with hefty fines and fees for not having the proper security in place. If a non-compliant merchant is breached, they can face up to $500,000 in fines, in addition to potential customer lawsuits, damage to company reputation, remediation costs and in some cases the end of your business altogether.

In addition, some card associations will threaten to fine merchants up to $25,000 per month until they become compliant. The bottom line: the cost of becoming compliant greatly outweighs the costs your business will face if breached.

PCI Compliance: From Risky to Ready in 12 Steps

So you’re ready to get compliant—good call. They say admitting it is the first step. Now here are 12 other steps to take on your journey to becoming PCI Compliant. But don’t think of them as steps, think of it as the leisurely escalator ride to secure payments processing.

Becoming PCI Compliant involves having the following 12 security measures in place:

1. Install and maintain a firewall to protect data
2.       Do not use vendor-supplied defaults for system passwords and other security parameters
3.       Protect stored data
4.       Encrypt transmission of cardholder data and sensitive information across public networks
5.       Use and regularly update anti-virus software
6.       Develop and maintain secure systems and applications
7.       Restrict access to data by business need-to-know
8.       Assign a unique ID to each person with computer access
9.       Restrict physical access to cardholder data
10.   Track and monitor all access to network resources and cardholder data
11.   Regularly test security systems and processes
12.   Maintain a policy that addresses information security

I    Let’s Get Compliant

In addition to following the PCI 12-step plan, you will need to determine your business’ merchant level. Don’t worry; we’ll walk you through it. There are four levels of merchant accounts, determined by annual transaction volume, and the PCI Compliance requirements vary with each level. Each merchant will be required to complete annual security assessments and vulnerability scans of their network. Assuming you’re processing correctly, this involves simply answering about 20 yes or no questions about the way you do business.

Level 1: Merchants with more than six million transactions annually across all channels, including ecommerce. For Level 1 merchants, annual onsite PCI Data Security Assessment and quarterly network scans are required.

Level 2: Merchants processing 1,000,000 to 5,999,999 transactions annually

Level 3: Merchants processing 20,000 to 1,000,000 ecommerce transactions annually

For Level 2 and Level 3 merchants, annual self-assessment and quarterly network scans are required.

Level 4: Merchants with less than 20,000 ecommerce transactions annually. Level 4 merchants are required an annual self-assessment and annual network scan.

Got It?

Let’s review. PCI Compliance is necessary, mandatory, and essentially put in place to protect YOUR business. And the best part is, becoming compliant is way easier than it sounds. It starts with a questionnaire, and ends with PCI fee-free processing.

Think of PCI Compliance as a safety net for you and your customers. You probably won’t fall, but you’ll sure be glad it’s there if you do. Don’t hesitate to call the team at Arrow Payments if you have any questions about PCI Compliance, non-compliance fees, merchant accounts, or where to send those delicious treats to. 

Arrow Payments provides a Simply Better solution for processing payments online. Have a question? Tweet Antonia at @ArrowPayments

Theme created by: Roy David Farber. Based on concepts from: Hunson's Black and Blue Eyes theme. Powered By: Tumblr.
1 of 1