Thursday, April 26, 2012

Credit Card Processing Costs

We process in the millions of dollars a  year of online credit card  for educational services.  We've been in business for eight years, very low chargeback rate. It's all intangible goods, card not present.

We do some businesses entirely through PayPal. They charge, all in, an even 2.5%. It's primarily Paypal Merchant account services so the customers only know that they are paying by credit card. (We have their highest advertised level of service. Are there higher levels?)

We do one business entirely through a classic ISO/Bank arrangement with all sorts of complexity of fees being charged and credited back by Visa/Mastercard, the merchant account bank, and the ISO.  But, it looks to me to be about 4% which I think is crazy high. However, with a switching cost of training and programming and testing, I estimate our costs are $50-$100K to switch. And it will be a major pain for my little company.  So, there is a business case (strong ROI) to switch but I just don't want to go through the hassle.

Any thoughts?

Tuesday, April 24, 2012

Merchant Account Disaster Protection

I’m trying to figure out what the contractual issues are in terms of us switching from our current merchant account credit card vendor. My reason is both planning for disaster recovery and a way to switch vendors if the costs don't get under control.

 Is there a standard structure and terms and methods for this?  This post is a continuation of my discussion of it last month.  

For instance, is our ISO obliged to help us move our customer credit card records to another place if we ask?  Are our credit card customer records kept at his site considered our data?  What happens if he goes out of business?  Since we work with an ISO, I’m trying to figure out what the contractual relationships really are. Since we set this up eight years ago, the contracts are now a little hard to find and probably dated. Aren’t they supposed to be renewed periodically?

The only annual review is from the bank which asks us some basic financial info as it raises the amount of credit card billing that we can do.

There was a valuable comment on the last post that I'll repeat here:
Jestep said: 

Use a 3rd party gateway and storage vault, which will segment your data from your processor. It may be difficult to find, but there's a variety of gateways that can use most processor front-ends.

Realistically, even a small ISO, has multiple levels of failure prevention. Their processor (Global, FDR, Chase, etc...) and acquiring bank are virtually insolvent-proof so disruption of service would be extremely unlikely. With that being said, good luck getting anything out those organizations no matter the circumstances.

Monday, April 16, 2012

Credit card info

My business set up its credit card billing process a number of years ago. To keep it simple, we have the credit cards kept exclusively at our vendor who bills them monthly.  Now that we are a large firm, we are trying to plan for disaster recovery and identify points of failure.  A clear single point of failure is the small company that is our ISO who has all the credit card data.  How do we address the risk of them failing, failing to perform, or doing something corrupt for which we will be billed?

Frankly, the realistic risk is that they might go out of business and our credit card billing which is nearly half a million a month (over $30K daily!) fails to get processed and we have no method for recovering the card data and moving them elsewhere.

One of my goals this quarter is to consider the legal and practical issues in this situation and try to address them.  Any info or experience from anyone else who has faced this situation would be appreciated!