Monthly Archives: October 2014

Does My Business Need a High Risk Merchant Account?

“Hi, this is Dave from Dave’s Online Vapor Shop, I need to accept credit cards at my business.”

“Hey Dave, this is Ernie from Choice Merchant Solutions. That’s definitely something that we can help you out with - can you tell me about your business?”

“Sure, Ernie. I run Dave’s Online Vapor Shop, we sell electronic cigarettes and accessories over the internet. We just started shipping to customers all over the continental United States!”

“Congratulations, that’s fantastic! Ecommerce merchants are my favorite, but there are a few caveats for your merchant account. Due to the nature of your business, it’s going to be a high risk merchant account.”

“A what? Why is that?”

Every business is different

The specifics of that conversation are fictional, but the content and gist are as real as the screen you’re reading right now.

Business owners and merchants call in and have a conversation about their interest or need for a merchant account. A small percentage of businesses are not eligible for a regular merchant account, and usually apply for a high risk merchant account instead. First, you need to know what one is.

What is a high risk merchant account?

Businesses require a high risk merchant account when they present a higher amount of risk (duh). In this case, a lower chance of actually receiving funds for services rendered or products sold.

This begs the question, ‘What reduces the chance of receiving funds?’

The strongest factor is usually card-non-present transactions. These are transactions where payment is processed without the physical card. Almost everybody has bought something online or over the phone - those are card-not-present transactions. The bottom line is that swiping is the most secure method of authentication for credit cards, and not being able to swipe will raise your risk profile in the eyes of underwriters.

Another factor is credit card processing volume. Since each transaction is potential fraud, higher volume means more chances for fraud. Transaction ticket size also raises risk. Ecommerce and high risk businesses have higher average transactions when compared to retail or brick-and-mortar businesses.

Chargebacks disrupt natural business cycles and hurt cash flows. A chargeback is when a cardholder calls up his card issuer and says, “I didn’t make this purchase.” The amount is refunded, and the business owner is eats the cost of the product or service. Lots of chargebacks is not a good thing, and a high percentage will raise a business’ risk profile.

The Member Alert to Control High-Risk Merchants (MATCH) list, also known as the Terminated Merchant File (TMF) is a list that contains merchants that have been terminated for one reason or another. Merchants on this list will have a very hard time getting a merchant account. The list was designed for merchant acquirers, in order to flag merchants that have caused intense issues in the past.

Time in business is also a factor when determining whether or not a merchant will be high risk. New merchants are more risky. Credit card processing history is something that all merchant services providers look at when determining rates, fees, and the type of account.

Business credit matters, but not as much as you’d think. Business credit doesn’t have too much impact on a transaction, but it can raise your risk profile if it is too poor.

High Risk Merchant Account Industry Types

Industry type is probably the most important factor an underwriter looks at when approving a new merchant account. Businesses in these industries (or similar ones) will most likely be approved for a high risk merchant account.

Mail Order
Catalog Order
Travel Services
Tobacco/e-cigarettes
Adult
Credit Repair/Debt Consolidation
Pharmaceuticals
Nutraceuticals
Dating Services
Trial Offers

It’s important to remember that this is a spectrum - if your business is on the edge, you may be bumped up or down, it’s up to the underwriter. Your rate will also vary depending on the above factors.

If you’re not sure if your business will need a high risk merchant account, please call us at 860.296.1300 or email us at [email protected], and one of our high risk merchant account specialists can give you a quick answer and a free quote.

Follow us on Facebook, Twitter, and LinkedIn for more information about high risk merchant accounts and payment processing news and events.

Tuesday Tips #3

The third episode of #TuesdayTips just went live! As you know, Tuesday Tips was designed to educate merchants using the merchant services expertise that Choice Merchant Solutions has acquired during our time in business.

In this episode of Tuesday Tips, Marc speaks about the hottest topic in the payment industry - data security. There are twelve guidelines established by the Payment Card Industry Security Standards Council - and each of them helps to protect your business from data security compromises.

You can easily view the tips and keep up with Choice by visiting our YouTube channel, liking us on Facebook, or following us on Twitter.

EMV Readiness Program

The third part of this series introduces the Choice Merchant Solutions EMV Readiness Program – part of a combined incentive program to shift businesses to chip-and-pin capable hardware as quickly as possible. The goal of this program is to secure customer payments and transactions, but we have found a way to benefit businesses as well.

Last time, we described the landscape for merchants. The final entry in this series will lift the veil that shrouds EMV and ensure that readers, clients, and customers are aware of the actions they can take to protect their payment card information.

What is EMV?

EMV stands for Europay, MasterCard, Visa – the three founding members of the chip-and-pin standard. In uncomplicated terms, adopting the EMV standard will increase security by utilizing a chip installed on new credit cards to validate and authenticate transactions. The EMV standard is managed by EMVCo, which was founded by the above companies.

Unfortunately, the United States is one of the last countries to adopt EMV technology, and the price we have paid is very high. These two events show how serious EMV adoption is, especially after 2013 being the worst year in history for data breaches. If you haven’t already, read the second post in this series here.

The Liability Shift

In October 2015, Visa, MasterCard and American express will implement a liability shift – merchants will be held for insecure card-present transactions. Visa, MasterCard, and American express have stated that businesses with EMV deployment will be protected from this liability.

What does this mean for merchants?

By October 2015, merchants will need to have the capability to accept EMV cards, or they will be held liable for fraudulent transactions. Conversely, card issuers will be held liable for fraudulent transactions if the cards they issue are not EMV capable. Caroyln Balfany of MasterCard explains it very well:

So if a merchant is still using the old system, they can still run a transaction with a swipe and a signature. But they will be liable for any fraudulent transactions if the customer has a chip card. And the same goes the other way – if the merchant has a new terminal, but the bank hasn’t issued a chip and PIN card to the customer, the bank would be liable.

-Carolyn Balfany

Recent Events

Breaches

Since this series was started, several other large corporations have been breached, including Dairy Queen and K-mart. Serious failures in data security such as these cost millions in damages, repairs, and inevitable upgrades, while hemorrhaging customer trust. Small businesses do not have the assets or scale to absorb attacks in the same way that these companies do, so data security is even more important for Main Street.

White House

In the past week, universal EMV acceptance has gained support from the highest power in the land. President Obama signed an executive order last Friday starting the “Buy Secure” Initiative, which will protect customer information, begin the transition of government issued-cards to chip-and-pin technology, and motivate Congress to pass data breach and cybersecurity legislation.

Rebates

American Express, the most exclusive credit card issuer, is offering financial incentives for small businesses in order to spur adoption of a more secure method of processing transactions. The program is very accessible, only requiring that merchants have EMV compliant hardware, be located in the United States, and process less than $3 million in annual American Express charge volume.

The cost of this program is astronomical, and the cost of upgrading thousands of major retailers to chip-and-pin enabled credit card readers is even higher. Thankfully, Main Street businesses do not have to deal with this; all they have to do is contact their merchant services provider and purchase an equipment upgrade.

How can I accept EMV cards?

You need an EMV-ready terminal. Most merchant services companies should be able to provide you with one, especially considering the popularity of the topic. Fill out the form below to hear back from one of our representatives.

Choice Merchant Solutions EMV Readiness Program

The Choice Merchant Solutions EMV Readiness Program is designed for proactive business owners that want to stay ahead of the curve, protect their customer’s data, and reduce expenses.

Our program starts with the proper hardware. We use the Verifone VX 520, a dual communication terminal that comes equipped to handle EMV right out of the box. The VX 520 offers enhanced security features and can communicate through a phone line or an Ethernet connection, making it ideal for any business.

Our clients have given us positive feedback on the device. The VX520 is much faster than its predecessor, a key factor in moving customers quickly and efficiently. Employees like it as well. The user interface is a vast improvement from the previous model, and commonly used functions are intuitively placed and easily accessible.

In addition to VX 520 terminal, the EMV Readiness Program includes an unprecedented 4 year rate lock.

This offer is only available for a limited time.

Worried that there’s no point in upgrading when nobody has the card? Not a problem. Here is a list of card issuers that have already begun to send consumers EMV ready cards. Look in your wallet, you may already have one!

For more information, you can email us at [email protected] or call us at 860-507-1294.

Follow us on Facebook, Twitter, and LinkedIn for more information concerning the safety of your information, and be sure to use the hashtag #EMVReady.

Marc Tenore - Vice President of Strategic and National Accounts

Hartford, CT, October 20, 2014 – Choice Merchant Solutions Announces Expansion of Marc Tenore’s Role as Vice President of Strategic and National Accounts

Marc Tenore, due to his success with high risk merchant accounts and ecommerce merchant accounts, will be assuming the additional responsibilities of the Choice Merchant Solutions Retail Division. The Retail Division of Choice Merchant Solutions is the backbone upon which the company was built, and Tenore’s absorption of the division is a display of his hard work and the trust that is placed in him.

“Marc has been with Choice from the beginning. He’s a hard worker, and he knows how to get results,” said JohnPaul Golino, President and CEO of Choice Merchant Solutions. “It will be a challenge, but he knows the industry, he knows his employees, and I know I can count on him to get it done.”

While Marc Tenore will retain the title of Vice President of Strategic and National Accounts, he will assume additional responsibilities, including consolidating the two divisions in the coming months. Marc’s experience in merchant processing, business development, and management will serve him well and allow him to thrive in his expanded role.

Marc Tenore co-founded the High Risk Division of the company and ushered it through the early stages of its growth into one of the leading sources for high risk merchant accounts in the country. Choice Merchant Solutions is confident that his success will segue to the Retail Division of the company and drive its success for years to come.

Marc can be reached at [email protected], by phone at 800-507-1294, or on LinkedIn.

# # #

Choice Merchant Solutions Inc. is a Connecticut-based provider of business solutions and integration processes. Payment processing, merchant services, and other services including merchant cash advances, product fulfillment, chargeback support, and a newly-launched affiliate network are some of the highlights of this quickly growing firm. Choice Merchant Solutions payment services are used by businesses of all sizes across the United States, and beginning this year, the company is beginning to push international borders.

For more information:
Choice Merchant Solutions
1010 Wethersfield Avenue
Hartford CT, 06114
860.296.1300
[email protected]

Choice Merchant Solutions Supports Hands On Hartford Annual Harvest Supper

Hartford, CT, October 16, 2014 – Choice Merchant Solutions Supports Hands On Hartford Annual Harvest Supper.

Choice Merchant Solutions’ President and CEO JohnPaul Golino is proud to be an Emerald Sponsor for the Hands On Hartford annual Harvest Supper on Thursday, October 23, at 5:30 pm. Aetna, as the host sponsor, will provide the Aetna Auditorium on Farmington Avenue in Hartford for a screening of “The Line”, a film documenting the lives of individuals across the United States that are living below the poverty line.

“It’s estimated that in the City of Hartford, as many as 40% of all families are living below the Federal poverty line,” said Barbara Shaw, Executive Director of Hands On Hartford. “These are our neighbors, members of our community, and we are committed to doing all we can to provide support in the areas of food and housing security and general economic security.”

The Harvest Supper will feature a light dinner, a screening of “The Line”, by Emmy-award winning producer Linda Midgett, and a discussion and call to action aimed to motivate attendees to support families living below the poverty line in the Greater Hartford area. Proceeds from the event will support Hands On Hartford’s food and housing programs.

Choice Merchant Solutions is committed to giving back to the community that allowed us to grow. Hands On Hartford is a charitable organization that enables volunteers to discover and participate in civic engagement activities and basic human needs assistance.

We hope the collective efforts of donors, volunteers, and Hands On Hartford staff at this event will inspire others to do the same and make a significant impact on the health and safety of the Greater Hartford community. Choice Merchant Solutions will participate in similar events, such as Christmas Wish, in the coming months and years.

Hands On Hartford was founded in 1969 as Center City Churches. Its mission is, in partnership with others, to strengthen community in Hartford by responding faithfully to people in need through programs that change lives and renew human possibility. For more information visit www.handsonhartford.org, like them on Facebook, and follow them on Twitter.

View the Hands On Hartford promotional piece.

# # #

For more information:
Choice Merchant Solutions
1010 Wethersfield Avenue
Hartford CT, 06114
860.296.1300
[email protected]

Choice Media at ad:tech NY

Ad:tech is one of the largest and most defining digital and interactive marketing conferences in the world. ad:tech NY is hosted in The Big Apple on November 5th and 6th, and boasts speakers from some the largest companies in the world. Attendees come to meet, network, and build their businesses at the intersection of digital media and technology.

Take a look at the keynote speakers. Executives from Walmart to Pinterest to Unilever will be speaking about topics ranging from mass media to mobile apps to Cake.

Choice Media will be in attendance led by Peter Risi, Vice President of Global Sales. You can reach him before the conference at [email protected] or by connecting with him on LinkedIn.

Protecting Customer Information

In our last blog post titled Data Breaches, Data Breaches Everywhere, we talked about the big data security and the largest data breaches of 2013. They affected multinational companies and some of the largest retailers in the United States.

However, that does not mean small businesses are exempt - in 2012, about 40% of data breaches occurred in businesses with fewer than 100 employees. So how can small businesses combat this and make protecting customer information a priority? Read the second entry in this three part series to find out.

PCI Compliance

The Payment Card Industry (PCI) Security Standards Council is the governing body of payment card data security for most businesses and an advocate for protecting customer information. Founded in 2006 by American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc., the PCI Data Security Standard (DSS), serves as the baseline for merchants that accept cards as a form of payment – from national department store chains to seasonal fruit stands.

In security terms, it means that your business adheres to the PCI DSS requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. In operational terms, it means that you are playing your role to make sure your customers’ payment card data is being kept safe throughout every transaction, and that they – and you – can have confidence that they’re protected against the pain and cost of data breaches.

-PCI Data Security Standards Council Website

Businesses comply with the PCI DSS by following these 12 guidelines:

Install and maintain a firewall configuration to protect cardholder data
Do not use vendor-supplied defaults for system passwords and other security parameters
Protect stored cardholder data
Encrypt transmission of cardholder data across open, public networks
Use and regularly update anti-virus software or programs
Develop and maintain secure systems and applications
Restrict access to cardholder data by business need to know
Assign a unique ID to each person with computer access
Restrict physical access to cardholder data
Track and monitor all access to network resources and cardholder data
Regularly test security systems and processes
Maintain a policy that addresses information security for all personnel

The important thing to remember is that the PCI SSC cannot enforce these rules, they simply provide information about best practices and data security.

Small Business Data Security

These are some things to watch out for while running a small business, and some simple solutions.

Hacking – malicious individuals can get your information by accessing your hardware or software through lackluster protective measures. Solve this by securing your connections. Encrypt your Wi-Fi, put a password on it, and don’t give it out to just anyone. There are dozens of options that range from free to $1000’s for all types of businesses.
Payment fraud – people can access your info through the POS or terminal. Solve this by controlling user access to your Point-of-Sale system or terminal. Create unique user ID’s for each employee to control their permissions, monitor their usage, and hold them accountable. Your merchant services provider can help you with setting this up.
Employee fraud – not everyone is who they say they are. Solve this by running background checks and extending your interview process. And remember, fewer employees means each has a higher chance to screw up your business.
Lost, discarded, or stolen documents – people can sift through your trash if it’s not shredded. Solve this by buying a document shredder. Shred documents on a daily or weekly basis, and make sure that the remnants are properly destroyed.
Negligence – Target’s malware detection tool caught the attack, but it wasn’t configured properly. Solve this by turning on all security features and options. Check regularly to make sure that they are on and up to date.
Third-party companies – Hackers work backwards from the point of easiest entry. Target was breached through an HVAC provider. Solve this by vetting your partners’, suppliers’, and vendors’ security measures. Their security is your security.

High Risk Merchants

High risk merchants usually pay higher rates and fees, are watched very closely for fraud, and have other stipulations stapled to their contracts. Businesses that accept card-not-present transactions, some service providers, or businesses in an industry that is heavily regulated are typically considered higher risk. The least common denominator is increased chance of fraud and increased chance of chargebacks.

It is extremely important that businesses in this category maintain the strongest level of protection for their customer’s payment card information. Their businesses are already suffering non-negotiable increased costs, by adding a data breach or fraud on top of that, they run the risk of having their merchant account shut down, or in the worst-case scenario, being put out of business.

What To Do If You Are Breached

Don’t panic – Panicking leads to hasty decisions. Haste makes waste. Don’t panic.
Preserve the crime scene – That’s what it is now. Preserving the crime scene means that the authorities have a better chance of finding useful information. Instead of wiping hard drives or unplugging cords, stop using your terminal, virtual gateway, or Point-of-sale system, and break out the cash drawer.
Gather info from service providers (internet, telephone, security, merchant services) – they have access to information that you don’t. Make some phone calls and let them know what happened and ask what they can do about it.
Legal advice – Call the police, and get yourself a lawyer. You may not need one depending on the size and scope of the breach, but that’s not something you want to test.
Communicate – Tell your employees and customers. Let your service providers, third party vendors, wholesalers, and anyone else that could be effected know that your payment card security was compromised, that you are looking into it, and that you will keep them updated. As evidenced by the efforts of Neiman Marcus, Target, and PF Chang’s, an open line of communication between executives and customers is very effective damage control.
Reevaluate – Something went wrong. Find out what it was, and fix it so that it never happens again. The PCI SSC has many resources for small businesses here and here.

Landscape for Merchants

The landscape for merchants is not promising. Last year was the worst in history for data breaches. Main Street businesses need to comply with PCI DSS regardless, but proactive owners and executives will add additional layers of security to protect customer information.

The best way to do this is to accept chip-and-pin cards (also known as EMV cards), by using a terminal equipped for them. 86% of financial institutions plan to issue chip-and-pin cards in the next two years. Small businesses don’t have the same luxury. By October 2015, merchants who are unable to accept chip-and-pin cards will be held liable for fraudulent transactions, something considered long overdue.

The Choice Merchant Solutions EMV Readiness Program helps merchants convert to a more secure system before it’s too late and emphasizes protecting customer information. Check back for the penultimate chapter of this series, which will tell you everything you need to know about EMV. If you’re an early adopter, or want to find out more from a qualified representative, call us at 860.296.1300 or check out our merchant processing page.

Follow us on Facebook, Twitter, and LinkedIn for more information concerning the safety of your information, and for the rest of the series.

Affiliate Summit West

The Affiliate Summit is one of the largest events for marketers, entrepreneurs, and executives. Attendees flock from all corners of the globe to educate themselves on best practices in marketing, enjoy lovely Las Vegas, and network with affiliate marketers, vendors, merchants, and networks.

Affiliate Summit West 2015 is taking place January 18-20, 2015 at Paris Las Vegas in Las Vegas, NV. You can register for the event by checking out their website, and you should check out their Facebook and Twitter as well.

We were at Affiliate Summit East this summer, and were a Gold Sponsor at the Affiliate Ball in New York City, which boasted Juicy J and Bone Thugs-n-Harmony.

Choice Merchant Solutions is going to be the main sponsor for the upcoming Affiliate Ball at Affiliate Summit West 2015! The Affiliate Ball is the biggest party for attendees of the Affiliate Summit, and takes place on August 19th.

Stay tuned for a big announcement from founder, Daren Blatt!

Tuesday Tips #2

Another episode of #TuesdayTips rolled out today!

Today in Tuesday Tips, Marc talks about EMV, data breaches, and disposes of an outdated terminal. Out with the old, in with the new!

You can easily view the tips and keep up with Choice by visiting our YouTube channel, liking us on Facebook, or following us on Twitter.

Data Breaches, Data Breaches Everywhere.

The payments industry is constantly evolving. In the past five years dozens of new payment systems have been developed. Unfortunately, crime evolves just as quickly, leading to highly publicized incidents such as the recent data breaches at Home Depot and Target.

This series is designed to educate merchants that are accepting credit cards, and make sure that small and local business data security is not overlooked. Local businesses are not protected by corporate firewalls, private security firms, nor monitored by the Department of Justice – it’s up to independent merchant services providers to inform merchants of the risks and how to reduce them.

Part one will focus on the largest and most publicized data breaches on large businesses across the country in 2013.

Part two will provide information about policies and regulations, prevention details, and best practices for merchants to protect their security and their customer’s information.

Part three will cover the Choice Merchant Solutions EMV Readiness Program – including the benefits of processing with Choice, the limited-time incentives for early sign-up, and the best way to spread the word about EMV.

Part 1: The largest data breaches of 2013.

Source: https://www.riskbasedsecurity.com/reports/2013-DataBreachQuickView.pdf

Target

The data breach into Target Corporation’s system took place during late 2013. It started the day before Thanksgiving, and continuing until the 15^th of December – the peak of the holiday shopping season. About 110 million customers were affected, including 40 million unique compromised cards.

As of August, Target estimates that the overall cost of the data breach is $148 million. In response, the company has accelerated its plans to spend $100 million investing in new technology in order to decrease the possibility of a repeat incident and ease consumers fears.

PF Chang’s China Bistro

National restaurant chain PF Chang’s suffered a similar breach, which started in October 2013 and continued until June 2014. While the length of the breach was longer, the amount of information compromised was lower due to the size of the company – although conclusive statistics were not published.

The cost of the breach is still unknown, despite affecting 33 locations across 18 states. In response, the chain switched to using carbon slips to process credit and debit cards – exchanging digital security for human error – in lieu of using built-in point of sale systems.

Neiman Marcus

Luxury department store Neiman Marcus was compromised mid-July 2013, and the breach continued until late October. Originally, NM declared that approximately 1.1 million customers were effected, but later revised that estimate to 350,000. In mid-June, it was confirmed that about 9,200 unique cards were used fraudulently.

While the Neiman Marcus data breach had considerably less reach, the response by the company has been similar to the reactions of larger companies. The company has offered credit monitoring and identify theft services to anyone who made purchases at the chain in 2013.

Others

2013 was a record year for data breaches – over 800 million customer records were compromised. While there were approximately 1000 fewer incidents in 2013 than the prior year, there were over three times as many records exposed. Hackers are getting better, more sophisticated, and focusing their efforts.

Source: https://www.riskbasedsecurity.com/reports/2013-DataBreachQuickView.pdf

These three events show the spectrum of data breaches – there is no criteria that makes a company more appealing for an intrusion. Retailers such as Michael’s and Aldi’s have also been affected. Software provider Adobe Systems was the victim of the largest data breach in history, with approximately 152 million records exposed – including credit and debit card information.

Follow us on Facebook, Twitter, and LinkedIn for more information concerning the safety of your information, and for the rest of the series.