Q. What is a merchant account, and do I need one?
A. A merchant account is set up with a financial institution to allow you to accept credit card payments directly from your clients. Unlike with most third-party services, money collected through your merchant account is deposited directly into your checking account within 48 hours. You need a merchant account if you want to take credit card payments from your clients using your own business name, and having the money deposited directly into your business checking account.
Q. Do you offer merchant accounts to businesses outside the United States?
A.Yes call for details.
Q. How do I accept credit cards online?
A. You have two options for online processing. One is called "real-time", where your customers are actually connected to a server and their credit cards are charged immediately when they place their order. The other is off-line processing, where the credit card info for each sale is saved securely online and you must retrieve it and process the sale manually. MasterCard and Visa require the use of certain products that are compliant with their regulations. All the products we offer are compliant with the latest regulations. If you are having trouble deciding which product to use, we will be happy to help.
Q. Do I Need a Shopping Cart for Online Sales?
A. No, with our Virtual terminal all you have to do is log on to your merchant accountant but most online merchants do use shopping cart software to make the sales process easier for customers..
Q. I don't have a website. What if I want to process sales offline?
A. You can use our Virtual terminal or a traditional terminal to "swipe" credit card sales as they happen (card present sales) or to process sales manually if you do mostly mail order and/or phone order sales.
Q. How long does it take to get set up?
A. From the time we receive your application, it generally takes 1 - 3 days to receive your Download. If you are ordering a terminal, it is shipped out upon approval, and will generally reach you within 5 business days. You can begin processing as soon as you have received your designated product.
Q. Are there any businesses that you do not allow to apply?
A. Yes. accounts where a principal business owner has an open bankruptcy are not allowed to apply. We also maintain a list of unacceptable, or "high-risk" and conditional merchants. Conditional merchants may apply if they meet certain restrictions. The bank may also impose some additional holdbacks or require an up front security account to approve these merchants.
Q. How long does it take to receive our funds once an order is processed?
A. Funds are deposited directly into your checking account, within 24 - 48 hours.
Q. Why are there different rates for different accounts?
A. The rates for merchant accounts vary based on the amount of risk involved in the transaction. The accounts with the lowest rates will always be the ones where the customer is present and the card is swiped and a receipt signed in a face to face transaction. The credit card companies view these types of transactions to be fairly low in risk for fraud, whereas internet transactions and transactions where orders are taken by phone or mail are generally considered higher risk since the customer is not present and the card is not in hand.
Q. What is a Chargeback?
A. A chargeback occurs when a customer disputes a charge on their statement by contacting the credit card company instead of contacting you. If a customer does not recognize the charge on their statement, or if they believe the amount was wrong, they may call their credit card company and ask them to investigate. Thus begins the chargeback. The merchant bank will charge you a fee for the retrieval of information, and if it is determined that the customer is right, there will be another fee for the chargeback itself. The customer will be refunded their money directly through the credit card company and your checking account will be debited. Eventually, if your account has excessive chargebacks, the bank may choose to cancel your account. The more you do to protect yourself against chargebacks, the better off you'll be.
Q. Please explain the monthly minimum? “NYSSCPA members do not have a monthly minimum”.
A. The monthly minimum for your merchant account is derived from your processing fees. The minimum of $25 should be collected in MC & Visa fees. The actual amount of processing to achieve that minimum will depend upon your discount rate. For example, if you have a discount rate of 2% and you process a transaction for $100, then $2.00 in processing fees will be taken from that transaction and applied towards your monthly minimum of $25. If, at the end of the month, you have not processed enough transactions to cover the minimum fee, you will be charged the difference.
Q. What is the difference between qualified, mid-qual, and non-qual transactions?
A. Qualified discount rate is applied for all transactions meeting the "normal" operating guidelines as outlined below:
 All Merchants
Close batches daily
Retail (Terminal) Merchants
Magnetically swiped & electronically authorized charges
Internet / MOTO Merchants
Electronically authorize charges using AVS and including order numbers for Visa and MasterCard transactions
Mid-Qualified discount rate is applied for all transactions meeting the operating guidelines as outlined below:
Retail (Terminal) Merchants
Manually keyed orders using AVS & order number on Visa and MasterCard transactions.
Internet / MOTO Merchants
There is no mid-qual rate for Internet / MOTO merchants.
Non-Qualified discount rate is applied for all transactions meeting the operating guidelines as outlined below:
All Merchants
- Not Closing batches daily
- Not using AVS & providing order numbers on manually
keyed or Internet transactions for Visa Cards
- High Risk Merchants (Visa Transactions Only)
- Following Card Types:
: Business and Corporate cards
: MasterCard/Visa Business cards
: Procurement cards (Government)
: Visa Signature cards
: MasterCard World cards
Q. What is the statement fee? NYSSCPA Members do not have a statement fee.
A. The statement fee is charged by the bank each month to process and send you your statement.
Q. What is the gateway fee?
A. The gateway fee is charged by the real-time processor (if you signed up for an Internet account.
Q. What is the AVS fee? NYSSCPA Members do not have an AVS fee.
A. The AVS fee is charged by the processor to allow you to use the Address Verification System on your Internet and MOTO charges to protect against fraudulent orders. The fee for your account is $0.10 per transaction. This is in addition to your regular merchant account fees. This does not apply to sales "swiped" through a terminal, but it does if transactions are "keyed" or typed into a terminal.
Q. How do I get set up for Discover Card and American Express?
A. When you sign up for your merchant account, you are signing up to accept MasterCard and Visa transactions only unless you choose to add Discover Card and AMEX at the same time. Please note, they do charge different discount rates than your regular account, and they send you separate statements as well. Please be sure to ask for more details.
Payment Card Industry Data Security Standards (PCI DSS)
Q. Do I have to comply with PCI (previously known as CISP and SDP)?
A. Yes, this program is mandatory for all merchants that store, process or transmit through Visa® and MasterCard®.
Q. What happens if I don't comply with these standards?
A. You could face fines ranging from $2,000 to $500,000 and be financially responsible for all fraud transactions that take place on cards compromised at your location.
Q. What is the difference between compliance and validation?
Merchants are compliant when they are abiding by the new security standards. Compliance is required for merchants of all 4 levels. Validation is the process confirming that a merchant is abiding by the new security standards. To become validated, you must complete a Self Assessment Questionnaire and perform a Quarterly Network Scan on your system to detect potential vulnerabilities. Currently, Visa and MasterCard only require merchants in Levels 1 - 3 to be validated. However, Level 4 merchants still must be in compliance and are encouraged to validate.
Q. What is a data compromise?
A. Data compromise is an incident involving the electronic or physical breach of cardholder data through the communication and/or information processing of the merchant/third party. Electronic breaches include data vulnerability in transit and storage, attacks via web sites or servers, private key mismanagement, access related to user ID or password, and administrative network performance problems. Physical breaches include theft of documents or equipment such as receipts, files, PCs, or POS terminals.
Q. How do Visa® and MasterCard® define cardholder data?
A. Cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration date, name, address, etc. The account number is the critical component that makes PCI applicable. All personally identifiable information associated with the cardholder that is stored, processed, or transmitted is also considered cardholder data. However, PCI applies even if the only data stored, processed, or transmitted is account numbers.
Q. When is it acceptable to store magnetic stripe data?
A. It is never acceptable for acquirers, merchants, or service providers to retain magnetic stripe data subsequent to transaction authorization. The Visa & MasterCard Operating Regulations prohibit storage of the contents of the magnetic stripe as a unit. Cardholder name, account number, and expiration date may be retained subsequent to transaction authorization, however the data must be encrypted.
Q. When is it acceptable to store CVV2 & CVC2?
A. It is never acceptable for acquirers, merchants, or service providers to retain CVV2 & CVC2, which consists of the last three digits printed on the signature panel of all Visa & MasterCard cards, subsequent to transaction authorization. The Visa & MasterCard Operating Regulations prohibit such storage, whether encrypted or unencrypted.
Q. Where can I find the Self-Assessment Questionnaire?
A. The Self-Assessment Questionnaire is available on www.visa.com/cisp. Many of the qualified security assessors offer merchants and service providers the option to complete the Compliance Questionnaire on the security assessor's Web site.
Q. What is a network security scan?
A. A network security scan involves an automated tool that checks a merchant or service provider's systems for vulnerabilities. The tool conducts a non-intrusive scan to remotely review networks and Web applications based on the external-facing Internet protocol (IP) addresses provided by the merchant or service provider. The scan will identify vulnerabilities in operating systems, services, and devices that could be used by hackers to target the company's private network. As provided by qualified security assessors, the tool will not require the merchant or service provider to install any software on their systems, and no denial-of-service attacks will be performed.
Q. What are the compliance validation reporting requirements for merchants?
A. Merchants will provide compliance validation documentation to their acquirer(s). Though the compliance validation process is aligned for merchants, acquirers must follow each payment card company's respective reporting requirements to ensure that a merchant's status is appropriately filed with each.
Q. How is the transaction volume that determines a merchant's compliance level measured?
A. The number of transactions will be determined based on the gross number of Visa transactions processed by a DBA or a chain store—not of a corporation that owns several chains. For all levels, if a merchant meets the compliance validation criteria based on Visa OR MasterCard transaction volume, they must comply with the Payment Card Industry Data Security Standards (PCI DSS) requirements.
|
