Tuesday, October 18, 2011

CVV2 Codes, PCI Compliance

There are two merchant account credit issues floating around today.

One, do we have to do any  PCI compliance testing?  I researched this in early 2009 and wrote that as a level 3, 20K-1M online transactions vendor, none stored, there was a level of testing required. I don't list my source for this info but I wrote it up here. I wonder if its still true: PCI Compliance for Level 3 Vendor.

I researched in the beginning of 2009 that I needed to get PCI compliance testing done.  But, I never have. 

As a side story, after I decided that we did need some PCI compliance testing, I tasked my  team to take care of it and that spoke to one vendor who talked us into a whole comarketing thing in which they guaranteed our site and put their bug all over it guaranteeing that it would improve our conversion rate. It didn't improve the rate at all. They made some changes. No improvement. We insisted on getting our money back. Eventually we did but only after a huge investment of time and energy. We were so turned off by the experience that we haven't looked at PCI compliance since then.  

The second question this week relates to CVV2 Codes.   We've found over the last few years that our decline rate on credit cards (and some fees) are creeping upwards.  Since our product is education, there is very little fraud so we have never required a CVV2 code.

Our processor says that if we get the CVV2 code, we'll get less declines and the fees will be a little lower. But we know that many of our customers use cash cards (ie gift cards) which don't seem to have CVV2 codes.  I'm now trying to redesign our sales page to handle this and I'm looking for an example or advice on how other people handle this.  Any input?

Wednesday, October 5, 2011

Paypal Reserves - Second Big Problem with Paypal

Let me start by saying that I'm generally thrilled with Paypal as my merchant account vendor. With a total expense rate of 2.7% and a high level of reliability, they are better than the other vendors that I use to process credit cards.  I give them high marks for low cost, high reliability, great technology, and great service.

I've previously had one big frustration with them in that their reporting sucks.  I have several product lines being sold (I'm in the hundreds of thousands of dollars of revenues in a year with the average payment way under $100) and Paypal isn't really able to help us track by product line.  Even when we have the payments come in under different emails, they can't sort them out. It turns out the solution is to open a child account. The process was cumbersome, basically, open a new account, get it approved, get it linked to the old one, drop out all the fees, and the child account can ONLY withdraw money up to the parent account. And it's an automatic process which happens nightly.  Which would be fine except we have some refunds (we do a money-back offer) and about 4% of our customers take the refund.  Paypal does an automatic withdrawal every night but on the days that there are refunds, they try to withdraw too much and it produces all sorts of emergency warnings and failure notes.

Second big problem I just realized. My account has reserves. In fact, they hold onto 20% of my funds for 90 days on a rolling basis. It's really not something that I can work with. Have any of you any experience with this?  I spoke to Paypal at some length last night and the agent said: "There's no way you can ever do anything about it.  Ever! This is just the way it is. I've spoken to my supervisor dude and you've got the 20% withholding on you forever. You've been approved this way and there's no way ever that you will ever get reviewed again or get it removed.  You might try setting up a new account and see if you get stuck with the same thing."  Heh thanks!

I read the Paypal rules and found this:

What are Reserves?

Question :
Answer :
Reserves are funds that belong to you but have been set aside. We hold money in reserve just in case you receive payment reversals or chargebacks and your PayPal balance isn't enough to cover them. Reserves are typically applied to merchants who handle:
·         large sums of money,
·         high dollar items, or
·         items in high-risk categories
Your reserve amount is listed on your Pending Balance page. From time to time, we may need to adjust your reserve amount. If that happens, we’ll email you about the changes.

There are two types of reserves, rolling reserves and minimum reserves.

Rolling reserves

With rolling reserves, a percentage of each transaction is held and then released after a certain amount of time. For example, your reserve may be set at 10% and held for a 90-day rolling period. This means that we’ll hold 10% of the payments you receive on the first day until day 91, 10% of your second day's payments until day 92, and so on.

Minimum reserves

A minimum reserve is a specific amount of money that you must keep in your PayPal balance. A percentage of the payments you receive will be held until the reserve is met. For example, if your minimum reserve is $5,000.00 we'll hold a certain percentage of each transaction until you reach $5,000.00.