CVV2 Processing in Card-not-Present Transactions

Card Verification Value 2 (CVV2) is a three-digit number located on the back of every Visa credit and debit card, to the right of the signature panel. It is used by MO/TO and eCommerce merchants to verify that the customer is in a physical possession of the card at the time of the payment. When processing CVV2 requests in card-not-present transactions, merchants should follow these best practices:

• The CVV2 verification process begins with the merchant asking the customer to provide the last three digits in or next to the signature panel on the back of the Visa card.
• If the customer provides the requested numeric code, it should be included with the account number and the expiration date when the transaction is submitted for authorization. Whether the CVV2 is included in the authorization request or not, one of the following CVV2 presence indicators should be included in the authorization request:

  Indicator	Meaning
  0	CVV2 is not included in authorization request.
  1	CVV2 is included in authorization request.
  2	Cardholder has stated that CVV2 is illegible.
  9	Cardholder has stated that CVV2 is not on the card.

• The merchants will receive a CVV2 result code from the card issuer, along with the transaction authorization. You should evaluate the code and take it into account when deciding on how to proceed with the transaction. You will receive one of the following result codes.

  CVV2 Result Code	Recommended Action
  M - Match	Complete the transaction, taking into account all other transaction characteristics and verification data.
  N - No match	This is a sign of potential fraud which should be taken into account along with the authorization response and any other verification data. You may also want to resubmit the CVV2 with a zero-dollar authorization request to rule out the possibility of a key-entry error.
  P - CVV2 Request not processed	Resubmit the authorization request.
  S - Cardholder reports that CVV2 is not on the card	Follow up with the customer to verify that the correct card location has been checked for CVV2.
  U - Issuer does not support CVV2	Evaluate all available information and decide whether to proceed with the transaction or to investigate further.

Be advised that for security reasons CVV2 can never be stored as a part of order information or customer data. Merchants who do store CVV2 may be assessed substantial fines.

Cardholder Information Security Program

Visa has established the Cardholder Information Security Program (CISP) to define standards for protecting sensitive information. CISP compliance is mandatory for all merchants that accept Visa credit cards and for merchant services companies that provide payment processing services. There are twelve basic CISP requirements that merchants and service providers have to meet. By demanding compliance with all of these requirements, Visa ensures that if one of them fails, there are other walls left to protect the sensitive information from unauthorized use. CISP requires that merchants:

1. Install and maintain a functioning firewall to protect personal data.
2. Regularly install security updates.
3. Protect stored data.
4. Encrypt cardholder and other sensitive information when transmitted across public networks.
5. Install and regularly update anti-virus software or programs.
6. Restrict internal access to cardholder account data on a "need-to-know" basis.
7. Assign a unique user ID to each person with computer access to sensitive data.
8. Do not use vendor-supplied default settings for system passwords and other security parameters.
9. Track access to data by unique user ID.
10. Regularly test security systems and processes.
11. Establish and maintain information security requirements for employees and contractors.
12. Restrict physical access to cardholder information.

The above CISP requirements apply to any merchant or payment processing service provider that stores, processes, or transmits Visa cardholder information. All eligible merchants and card processing service providers, regardless of size (or in the case of service providers, whether they support issuing or merchant activity) must comply with the twelve basic CISP requirements.

Card Processing Security Breach Responses

Merchants have a responsibility and an obligation to protect the privacy of the credit card information that customers provide during transactions. They must comply with a set of payment card information protection standards that the Credit Card Associations have enacted. Still, security breaches do occur and, when that happens, merchants must have policies in place to guide their responses. If merchants or merchant services providers experience a suspected or confirmed security breach, they should:

• Immediately contain and limit the exposure. To protect any further loss of data, merchants should conduct a thorough investigation of the suspected or confirmed loss or theft of account information within 24 hours of the compromise. Implement the following measures:
  • Do not access or alter compromised computer systems. Do not log on to the computer or change passwords.
  • Do not turn off the compromised computer. Instead, isolate compromised systems from the network by unplugging their cables.
  • Preserve logs and electronic evidence.
  • Log all actions taken.
  • If using a wireless network, change the network code on the access point and on computers that may be using this connection (with the exception of any systems believed to be compromised).
  • Be on high alert and monitor all data security and fraud prevention systems.
• Alert all necessary parties. You should immediately contact:
  • Your internal information security group, if applicable.
  • Your legal department.
  • Your merchant services provider.
  • The local FBI office.

In the event of a security breach, the Credit Card Associations or your merchant processing bank will contact the merchant or merchant services provider to discuss the compromise and review the actions required to prevent future loss or theft of transaction information.

Initiating Transaction Copy Requests

When cardholders do not recognize a charge on their credit card account statements, they typically contact their card issuers and request a copy of the transaction at issue to help determine whether or not the charge is valid. When a card issuer receives such a request, their representative will first try to answer the cardholder's questions and attempt to establish the facts surrounding the transaction. If this cannot be done, the card issuer will electronically send a "request for copy" (also knows as a "retrieval request") to the merchant processing bank (also known as merchant bank, acquiring bank or Acquirer) that provides merchant services to the establishment that has generated the transaction. If the transaction receipts that the merchant generates are stored at their merchant processing bank, the bank will fulfill the retrieval request and the merchant will never find out about it. If, however, the merchant stores its own transaction receipts, the merchant processing bank will forward the retrieval request to the merchant. The merchant then must produce a legible copy of the transaction receipt and submit it to the merchant processing bank within a certain time frame. The merchant processing bank will then send the transaction copy on to the card issuer. The process of producing and submitting a copy of a transaction receipt is also known as representment. The following posts will describe this process in details.

Recurring Payments

What are Recurring Payments? Recurring payment plans exist when a cardholder authorizes a merchant to charge his or her credit or debit card on a regular basis (e.g., monthly, quarterly or annually). Payment amounts can be fixed or they can vary and the plan exists until it is canceled by the cardholder. A good example of a recurring payment plan would be an auto insurance policy that has been set up so that the insured's credit card is charged monthly and the service will be provided indefinitely, or until it is canceled by the consumer. All merchant processing accounts support this feature. Benefits for Merchants:

• Providing additional payment processing options. Customers like having payment options at the checkout.
• Increasing enrollment in online payment processing. It is a great time-saving tool.
• Reducing customer service calls. By automatizing the process merchants ensure less payment-related issues.
• Improving cash flow. Recurring payment card processing plans ensure that less mistakes will be made and less payments will be returned.
• Reducing delinquencies. Setting up the payment schedule beforehand ensures less delinquencies.
• Improving collections. Since the payments are processed automatically, they are easier to collect.
• Increasing customer retention. Consumers, too, enjoy the convenience of recurring payment plans.

Benefits for Cardholders:

• Convenience of setting up the payments once. It's fast, easy and simple. You don't have to go over it again.
• Time savings. Once the plan is set up, you are done. Payments are made automatically thereafter.
• Stress relief. You don't have to keep on checking when the bill is due and worry about being late on a payment.
• Cost savings. No more post stamps to stick on payment envelopes.
• Earning points on rewards program. Some merchants qualify for various credit card reward programs.

Depending on the type of merchant account that you have, recurring payment plans may be set up differently. Ask your credit card processing provider for assistance if you are not sure how it is done.

Merchant Requirements for Securing Cardholder Information

To protect your merchants, cardholders, and the integrity of the payment system, each of the credit card processing companies has in place a set of requirements governing the safekeeping of account information. Following is a brief overview of the most critical aspects of those requirements.

Storage of Cardholder Information	Do not store the following under any circumstance: Full contents of any track from the magnetic stripe on the back of the card. Card-validation code-the three-digit value printed on the signature panel of a MasterCard®, Visa®, Discover®Card, JCB®, or Diners Club® card, and four-digit code printed on the front of an American Express® card. Store only that portion of the customer's account information that is essential to your business-i.e. name, account number or expiration date. Store all material containing this information (e.g., authorization logs, transaction reports, transaction receipts, car rental agreements, and carbons) in a secure area limited to authorized personnel.
Destruction of Cardholder Information	Destroy or purge all media containing obsolete transaction data with cardholder information.
Use of Agents or Third Parties (Vendors, Processors, Software Providers, Payment Gateways, or Other Service Providers)	Advise each merchant account provider or credit card processing contact (representing each of your card brands) of any agents that engage in, or propose to engage in, the processing or storage of transaction data on your behalf-regardless of the manner or duration of such activities. Make sure these payment processing agents adhere to all rules and regulations governing cardholder information security. Any violation by your card processing agent may result in unnecessary financial exposure and inconvenience to your business.
Reporting a Security Incident	In the event that transaction data is accessed or retrieved by any unauthorized entity, notify the merchant services provider or merchant processing contact for each card brand immediately. This report will not only minimize risk to the payment system, but protect your customers in the most responsible manner. Systems and procedures are in place to immediately stop the unauthorized use of compromised data, but are effective only when you (and every small business merchants accounts provider) do your part to promptly report a security incident.

Interchange Fees

In the payment card industry interchange is the fee that an acquiring bank pays to a card issuing bank when a card (issued by the card issuing bank) is used to pay for a product or a service, provided by a merchant who has a merchant account with the acquiring bank. The issuing bank pays the acquiring bank the transaction amount minus the interchange fee. The acquirer then pays the merchant the transaction amount minus both the interchange fee and its own payment processing cost. Interchange rates are published annually by both Credit Card Networks - Visa's and MasterCard's and are available for everyone to see. They represent the largest chunk of the total transaction processing costs that merchants pay for accepting payment cards. Various estimates put their share at anywhere between 70% - 90%. Interchange rates are typically comprised of a percentage of the transaction amount (for example 1.94%) plus a fixed fee (for example $0.10). Various factors come into play when interchange fees are established. Generally, payments taken in a card-not-present environment are processed at a higher interchange than payments taken in a card-present environment. That is the reason why eCommerce merchant account and MOTO merchant account users pay higher processing fees than, say, retail merchant account users. Since interchange rates are set by Visa and MasterCard, merchants have no leverage over them. It is, however, important to know what they are, so that, when negotiating with prospective merchant account providers, you will know exactly what you are being offered. There are several merchant processing pricing structures and this article will not go over all of them but probably the best model is the pass-through one. It works by simply adding your merchant services provider's processing cost to interchange, ensuring that every single transaction is processed at the same rate. You will only have to make sure that these processing costs are not inflated and a simple referral to the interchange chart will help you do just that.

Merchant Account

Definition. A merchant account is a payment card processing service that a merchant bank provides to a merchant. It represents a form of line of credit that the merchant bank extends to the merchant and it allows the merchant to accept the card brands, specified in the processing agreement. How it Works. When a merchant accepts a cardholder's payment information, it is transmitted to the merchant bank. The merchant bank then pays the merchant the transaction amount, minus the interchange fees and the processing costs, and submits a payment request to the bank that issued the card used to make the purchase. The issuing bank then pays the merchant bank the transaction amount, minus the interchange fees, and posts the transaction on the cardholder's monthly statement. The cardholder then pays the issuing bank to close the cycle. Types of Merchant Accounts. There are a number of different merchant account types but the most widely used are:

• Card-Present Merchant Accounts. This type of merchant account service includes all payment processing solutions that use payment terminals to read the account information from the magnetic stripe of a card that is swiped through. Because the merchant is in actual possession of the card (hence, card-present) as the payment is being made, these merchant accounts are considered less likely to generate fraudulent transactions and enjoy lower processing rates.
• Card-not-Present Merchant Accounts. Included in this group are all card payment processing services where the card account information is manually entered into the merchant bank's system, using a web browser or a telephone keypad. The card itself is absent (hence, card-not-present). Because the merchant is never in possession of the card and the information is given to him or her, card-not-present transactions are considered more likely to generate fraudulent activity or processing errors and are processed at higher rates. There are two distinct sub-groups here:
  • ECommerce Merchant Accounts. These merchant accounts are used by web-based merchants and enable consumers to enter their payment card information into a payment form on the merchant's website. Once submitted, the payment details are automatically transmitted, via a payment gateway, to the merchant bank.
  • Mail Order and Telephone Order Merchant Accounts. Also known as MO/TO merchant accounts, these payment acceptance solutions enable merchants to enter the payment information, provided to them by their customers into a form on the merchant bank's payment system's website or, using a telephone keypad, to call it into the merchant bank's system.

Payment Gateway

Definition. A payment gateway is a web-based service that transmits payment information from an eCommerce website to a merchant processing bank. It is the eCommerce equivalent of the physical terminal used by merchants in card-present payment acceptance environments. The collected information is encrypted to ensure that personal data is transmitted in a secure fashion. How it works. A payment processing gateway connects the eCommerce website's shopping cart with the merchant processing bank's system. The stages of the process are as follows:

• A customer places an order on an eCommerce website and submits his or her payment information.
• The payment information is encrypted using a secure socket layer (SSL) service and sent to the merchant's server.
• The eCommerce gateway then collects the payment information and, after another SSL encryption, transmits it to the merchant account provider's server.
• The merchant processing bank then sends the payment details to the appropriate Credit Card Network (Visa or MasterCard).
• If the cardholder used a Discover or an American Express card, the payment processing provider serves as an acquiring bank and decides whether or not to authorize the transaction; then forwards the response to the merchant.
• The Credit Card Network forwards the transaction to the card issuing bank.
• The Issuer either authorizes or declines the transaction and sends a response code (through the exact same channel) back to the merchant bank. The response codes for declined transactions provide details for the reason the transaction did not get approved.
• The merchant processing bank then sends the response code (through the eCommerce payment gateway) to the merchant's website and it is presented to the cardholder.
• The whole process, from submitting the payment to receiving the response, takes seconds.
• The merchant then provides the service or ships the product and settles the transaction. It is very important that transactions do not get deposited prior to the product being shipped. If the cardholder notices the charge on his or her card statement or transaction activity (now available online in almost real time), prior to receiving the merchandise, the transaction may be disputed, initiating a chargeback.
• At the end of the business day, all authorized transactions (also called a "batch") are submitted to the merchant processing bank for settlement.
• The merchant bank then deposits the total transaction amount, minus interchange fees and processing costs, into the merchant's bank account.
• The entire process takes approximately 2-3 business days.

Card payment processors typically provide eCommerce gateways as part of the merchant account. They charge a monthly fee for the service ($10 - $25) and may charge a fee for the set up as well. Every major online payment gateway supports the latest fraud prevention solutions, including the Address Verification (AVS) and Card Verification (CVC2, CVV2, CID) services.

Merchant Account Providers

Merchant account providers enable businesses to accept credit and debit cards for payment. Whether an organization accepts cards in a card-present or in a card-not-present environment, they need a merchant account to do that. In order for a company to become a provider of merchant account services, it first has to be authorized by the Credit Card Associations of Visa and MasterCard. The process involves a check of the credit worthiness of both the business and its principals, a review of the applicant's business and marketing plans and the payment of the registration fees which are $5,000 for each Association. Although banks, that are members of Visa and MasterCard, can and do provide merchant processing services, more typically they outsource this responsibility to third parties. By doing so, they become sponsors of these third parties in their applications with Visa and MasterCard. Merchant account processors are known as Independent Sales Organizations ISO) when they are registered with Visa and as Member Service Providers (MSP) when they are registered with MasterCard. Businesses apply for both registrations at the same time, through their sponsor bank. Upon approval of the application, the sponsor bank becomes an acquiring bank for the ISO/MSP. This means that it acquires the sales receipts that the merchants, using its payment processing services, generate and it is then responsible for paying the merchant the transaction amounts, minus its processing costs and the interchange fees. In the mean time the merchant processing bank submits a payment request, through Visa or MasterCard, to the bank that issued the card used in the particular transaction. ISOs and MSPs are obligated to display the name(s) of their acquiring bank(s) on every page of their website and other promotional materials. Usually this sign is placed in the footer of the website. Once registered, ISOs and MSPs can sign up sales agents to source merchants for them. The sales agents, however, cannot advertise themselves as providers of merchant account processing services. They are only authorized to represent the ISO/MSP and must identify themselves as agents to these companies.

Merchant Account Qualifications

There are certain requirements that applicants for US-based merchant accounts have to comply with. It is the responsibility of merchant account providers to ensure that all applicants:

• Are legally registered within the US. Applicants for merchant services have to be either incorporated as businesses within the state that they reside in or they have to be registered with the local municipality and obtain a "Doing Business As" (DBA) name. Individuals are not allowed to establish merchant account processing services. Foreign establishments are also excluded from obtaining US-based payment processing accounts.
• Have a physical address and a registered agent within the USA. Applicants for US merchant services need to provide available a contact person within the US and a physical office for the merchant processing bank to inspect.
• Have a bank account with a US bank. The bank account into which the merchant will have his or her funds deposited must be opened with a US bank.

Only if the applicant complies with the above requirements, the merchant account processor will proceed with the application.

Merchant Account Application Requirements

Provided your organization is qualified to apply for a US-based merchant processing account and has received an acceptable payment processing proposal, you can commence the application process. There are a number of requirements that need to be met and, to understand why the process is so stringent, you need to understand exactly what is it that you are applying for. A merchant account is a form of line of credit that a merchant processing bank is extending to the applicant. When you accept a transaction, your merchant account bank will "acquire" it, usually at the end of the day, and will automatically deposit the payment amount, after subtracting the interchange fee and its own processing cost, into your checking account. At the same time it will submit a request for payment to your customer's card issuing bank. Your merchant bank will pay you before it gets paid. That is the reason why they have set in place an application process, designed to establish the credit worthiness of both the applicant organization and its principals. Following is a list of requirements that you will have to meet:

• Merchant Account Application. You will provide in this form details about both your business and yourself, including address (business and personal), social security number, tax ID (if applicable), phone numbers, email address, web address, bank account info, etc.
• Personal Guarantee (for-profit businesses only). All new businesses and a great many established ones are required to provide a personal guarantee before establishing payment processing services.
• Articles of Incorporation. Unless your establishment is a sole proprietorship, you will have to provide a proof that it has been legally incorporated.
• Business License. If your business activity is regulated and requires a license, either a federal or a state one, you will need to provide it.
• Business Financial Statements. Unless your organization has been formed recently, you will have to provide its financial statements (typically it is required that you produce financial statements for the two years preceding the application date).
• Personal Financial Statements. Typically requested in place of business financial statements, personal financials might be requested in addition to them. Personal tax returns for the latest two years are typically sufficient.
• Processing Statements. If you are currently processing credit cards and are looking for a new service, you will be asked to produce your three latest processing statements.
• Voided Check. You will need to provide a voided copy of a check for the bank account that you want your money to be deposited into. The check has to have your "Doing Business As" (DBA) name printed on it. If you have not yet received your checks, you will need to provide a signed bank letter stating your account details.

As you see, there are quite a few requirements for applicants to accept credit and debit cards and it is by no means certain that you will be approved. Still, if you provide the needed paperwork and have a decent credit history, chances are that you will get your merchant account service.

Wireless Merchant Account

What they are. Wireless merchant accounts enable merchants to accept credit and debit card payments on portable terminals whenever their customers happen to be. Depending on the type of wireless credit card processing solution, the terminals may be using short- or long-range networks to transmit the payment processing information.

Types of Wireless Payment Processing Services. There are two groups of wireless solutions:

• Long-Range Wireless Service. Long-range wireless solutions use cell phone-type of network connectivity for transmitting payment information. It works everywhere network service is available. It is perfect for businesses that regularly accept payments at their customers' locations.
• Short-Range Wireless Service. Short-range merchant processing solutions use the same connectivity services that cordless phones use. The credit card processing device can be operational within several hundred feet of the location of its base unit which is connected to a phone line. The short-range wireless card processing solution is perfect for merchants with limited portability requirements, e.g. merchants who need payment processing services at different locations on their premises.

Advantages of Wireless Processing. There are several main advantages to using portable credit card processing solutions.

• Additional Processing Options. A mobile credit card processing service allows you to immediately accept payments at trade shows, conventions, or at your customers' premises.
• Increased Security. With a wireless terminal the customer remains in possession of the card at all times.
• Reduced Processing Costs. Because wireless transactions are processed in a card-present environment, they generally receive the best possible rates.

Disadvantages of Wireless Processing. There are a couple of disadvantages of using portable processing solutions that you need to be aware of.

• Equipment Cost. The price of wireless terminals is significantly higher than that of regular point-of-sale terminals and can be the deciding factor in your decision, especially if your processing volumes are low.
• Network Coverage. Generally described as the biggest draw-back, network connectivity is constantly being improved. You will need to check its reliability in the area you will be operating in with your prospective merchant services provider before setting up a wireless merchant account.

Processing Cards in a Face-To-Face Environment

Credit card processing in a face-to-face setting provides merchants with a certain amount of leverage over weeding out fraudulent transactions before it is too late. Having a visual contact with your customer and the ability to physically examine the payment card, as the transaction is being processed, gives you a powerful tool to evaluate the genuineness of both the card and the cardholder. In order to exploit your advantage to the highest degree, you will need to follow a set of payment processing procedures at the checkout. Your point-of-sale personnel must be fully trained to execute your card processing strategy. The process of accepting payment cards includes:

• Swiping the Card. This procedure is straightforward enough and it does not require much explanation. Make sure you place the card correctly so that the magnetic stripe is in the right position to be read by your terminal.
• Checking the Card's Security Features. This is probably the most important stage in the process. Make sure the card has not been altered in any way, pay close attention to the account number and the Card Verification Code, as well as the hologram. If any one of these features looks altered, this, in itself, might be a sufficient reason to make a "Code 10" call (see below).
• Authorizing the Transaction. Make sure your authorization request is approved and have your customer sign the sales receipt.
• Comparing Sales Receipt to Payment Card. Make sure the account information, printed on the sales receipt, matches the card's details. Compare your customer's signature, provided on the receipt, to the one on the back of the card. If everything looks legitimate, return the card to its cardholder and provide him or her with a copy of the sales receipt.
• Making a "Code 10" Call. If you have gathered enough information to lead you to suspect a fraudulent activity, call your merchant services provider's authorization center and state that you are making a "Code 10" call. This is the code word for reporting a possible fraud. You will be routed to the card issuer's call center, where you will be asked to answer, with a "yes" or "no", a series of questions to determine the legitimacy of the transaction. Upon reaching a conclusion, you will be given instructions on how to proceed. If asked to recover the card, you should only do so if it is safe. If not, complete the transaction and alert your management after your customer leaves the store.

Following the above procedures will ensure lower levels of fraud and less chargebacks which, in turn, will improve your bottom line.

Processing Cards in a Face-To-Face Environment

Processing Cards in a Face-To-Face Environment

Credit card processing in a face-to-face setting provides merchants with a certain amount of leverage over weeding out fraudulent transactions before it is too late. Having a visual contact with your customer and the ability to physically examine the payment card, as the transaction is being processed, gives you a powerful tool to evaluate the genuineness of both the card and the cardholder. In order to exploit your advantage to the highest degree, you will need to follow a set of payment processing procedures at the checkout. Your point-of-sale personnel must be fully trained to execute your card processing strategy. The process of accepting payment cards includes:

• Swiping the Card. This procedure is straightforward enough and it does not require much explanation. Make sure you place the card correctly so that the magnetic stripe is in the right position to be read by your terminal.
• Checking the Card's Security Features. This is probably the most important stage in the process. Make sure the card has not been altered in any way, pay close attention to the account number and the Card Verification Code, as well as the hologram. If any one of these features looks altered, this, in itself, might be a sufficient reason to make a "Code 10" call (see below).
• Authorizing the Transaction. Make sure your authorization request is approved and have your customer sign the sales receipt.
• Comparing Sales Receipt to Payment Card. Make sure the account information, printed on the sales receipt, matches the card's details. Compare your customer's signature, provided on the receipt, to the one on the back of the card. If everything looks legitimate, return the card to its cardholder and provide him or her with a copy of the sales receipt.
• Making a "Code 10" Call. If you have gathered enough information to lead you to suspect a fraudulent activity, call your merchant services provider's authorization center and state that you are making a "Code 10" call. This is the code word for reporting a possible fraud. You will be routed to the card issuer's call center, where you will be asked to answer, with a "yes" or "no", a series of questions to determine the legitimacy of the transaction. Upon reaching a conclusion, you will be given instructions on how to proceed. If asked to recover the card, you should only do so if it is safe. If not, complete the transaction and alert your management after your customer leaves the store.

Following the above procedures will ensure lower levels of fraud and less chargebacks which, in turn, will improve your bottom line.

Processing Cards in a Card-Not-Present Environment

Overview. Credit card processing for eCommerce and direct marketing merchants is conducted in a very different manner, compared to card processing in a face-to-face environment. For obvious reasons, in a card-not-present setting, the card's magnetic stripe cannot be read and the account information has to be collected using other means. MOTO merchant account solutions provide direct marketers with a virtual terminal which allows them to log into their merchant processing bank's system and enter payment information, as they have received it from their customers. ECommerce merchant account solutions, on the other hand, provide customers with the option to enter their payment details on the merchant's website. The payment processing information is then transmitted, through a payment gateway, to the merchant account processor. In both cases the information is provided to the merchants by their customers and, unlike in a card-present environment, they lack the capability to physically examine the card to verify its authenticity. There are, however, several fraud prevention tools that, if implemented diligently, will significantly reduce the possibility of fraud. Transaction Authorization. Transactions, conducted in a card-not-present setting, have a zero floor limit. What this means is that they all require authorization. Always obtain authorization before providing the service or shipping the product. Expiration Date. Always ask for the "Good Through" date of the payment card that your customer is using. ECommerce processing merchants should set up their websites' payment forms to have a mandatory field for the card's expiration date. Direct marketers should have the same field available in their printed payment forms and should insist that customers provide it. Card Verification Codes. Card verification codes are the three-digit numbers that are found in the signature panels on the back of Visa, MasterCard and Discover cards and the four-digit numbers that are found slightly above and to the right of the account numbers of American Express cards. You should always ask the customer to provide this code as an additional way to prove that he or she is in a physical possession of the card. Address Service Verification. Address Service Verification (AVS) is an automated service that allows merchants to verify the cardholder's billing address. A part of the authorization process, the AVS provides merchants with another indicator on whether or not a transaction is genuine. The way it works is by sending the address information, collected by the merchant, to the card issuer. The card issuer then compares the submitted data to the one they have on file for their cardholder and respond accordingly.

Card Security Codes

Card security codes were implemented and are used by all Credit Card Companies and Associations as an additional anti-fraud tool. Card security codes are the three-digit numbers found in the signature panels on the back of Visa, MasterCard and Discover cards and the four-digit numbers found slightly above and to the right of the account numbers of American Express cards. You should implement their use in your daily card payment processing procedures and should always ask your customer to provide this code as an additional way to prove that he or she is in a physical possession of the card. The following procedures should be followed in all card-not-present transactions:

• Ask your customer for the last three digits on the back of a Visa, MasterCard or a Discover card or for the four-digit number above the account number on the front of an American Express card.
• Submit the information obtained from your customer, along with other data, with your authorization request. Use one of the codes in the table below.

Indication	Meaning
0	Card Security Code is not Included in the authorization request
1	Card Security Code is Included in the authorization request
2	Cardholder has Stated that the Card Security Code is Illegible
9	Cardholder has Stated that the Card Security Code is not on the Card

• Evaluate the result code for your Card Security Code verification request and use it in determining your action. The table below lists the possible result codes.

Result Code	Recommended Action
M - Match	Go ahead and complete the transaction, unless other fraud indicators are raising a red flag.
N - No Match	A strong signal for fraud, this result code should be taken into consideration along with data from your other fraud-prevention services.
P - Request not Processed	Resubmit your request.
S - Cardholder States Security Code is Not on Card	Make sure the cardholder is looking at the right location, often customers just don't know what is it they are looking for.
U - Issuer does not Support Security Code	In such cases you should rely on your other fraud prevention mechanisms.

The Credit Card Companies and Associations strictly prohibit the storage of Card Security Codes and may impose substantial fines on offenders. You are allowed to store card account name and number, as well as cards' expiration dates. Contact your merchant services provider for additional information on Card Security Codes and how to implement their use in your daily card processing procedures. They will help you weed out fraudulent transactions, reduce chargeback levels and improve your bottom line.

Merchant Account

Definition. A merchant account is a payment card processing service that a merchant bank provides to a merchant. It represents a form of line of credit that the merchant bank extends to the merchant and it allows the merchant to accept the card brands, specified in the processing agreement. How it Works. When a merchant accepts a cardholder's payment information, it is transmitted to the merchant bank. The merchant bank then pays the merchant the transaction amount, minus the interchange fees and the processing costs, and submits a payment request to the bank that issued the card used to make the purchase. The issuing bank then pays the merchant bank the transaction amount, minus the interchange fees, and posts the transaction on the cardholder's monthly statement. The cardholder then pays the issuing bank to close the cycle. Types of Merchant Accounts. There are a number of different merchant account types but the most widely used are:

• Card-Present Merchant Accounts. This type of merchant account services includes all payment proccesing solutions that use payment terminals to read the account information from the magnetic stripe of a card that is swiped through. Because the merchant is in actual possession of the card (hence, card-present) as the payment is being made, these merchant accounts are considered less likely to generate fraudulent transactions and enjoy lower processing rates.
• Card-not-Present Merchant Accounts. Included in this group are all card payment processing services where the card account information is manually entered into the merchant bank's system, using a web browser or a telephone keypad. The card itself is absent (hence, card-not-present). Because the merchant is never in possession of the card and the information is given to him or her, card-not-present transactions are considered more likely to generate fraudulent activity or processing errors and are processed at higher rates. There are two distinct sub-groups here:
  • ECommerce Merchant Accounts. These merchant accounts are used by web-based merchants and enable consumers to enter their payment card information into a payment form on the merchant's website. Once submitted, the payment details are automatically transmitted, via a payment gateway, to the merchant bank.
  • Mail Order and Telephone Order Merchant Accounts. Also known as MO/TO merchant account, these payment acceptance solutions enable merchants to enter the payment information, provided to them by their customers into a form on the merchant bank's payment system's website or, using a telephone keypad, to call it into the merchant bank's system.

Get Internet Merchant Accounts with ease

We are all well aware that merchant accounts are beneficial and useful to merchants who have to deal with their business with services they provide online. There are many types of merchant accounts like internet merchant account, retail merchant account, and a lot more. There are both advantages and disadvantages linked with merchant accounts, but this mainly depends on the services the merchant provides. In comparison to the advantages, it is better to have a look at the disadvantages or the loop holes present in merchant accounts as this will give you an idea to judge a good merchant account from a fraudulent one, before arriving at a final decision.

The most apparent drawback in a merchant account is the high risk factor related to this. The deemed high risk is because of the fact that they are vulnerable to fraud. Today, most of the business houses do their business online by using the online-merchant-services.blogspot.com Most often it is impossible to identify whether the transaction you made is valid or not. There are many fraudsters and hackers waiting online for an opportunity to take the advantage of these transactions. You can prevent this by being aware of all the activities being routed through your merchant account. Another major setback for those doing business online is the fact that many customers in countries like Russia, Germany and several third world countries do not use credit cards. Merchants will have to find other modes for business transactions in these countries. You can get more access to information on the pros and cons of having a merchant account at our www.online-merchant-services.blogspot.com which has been designed specifically for you.

It takes more time to get your business to be approved for a merchant account because of the fraudulent activities which is now commonplace with these services. Before providing a online-merchant-services.blogspot.com to any company, the merchant account provider investigates in detail, the genuineness of the companies as a precautionary measure against fraud. Due to the predominance of this social menace, the expense connected with a merchant account can be quite expensive once you are approved.

Besides its downside, a merchant account has its advantages as well. Due to these pros, the use of merchant account has become the first preference since it allows clients to check out information and they are not pressurized to make a purchase unless they prefer to do so. Ecommerce websites and adult websites use merchant accounts since this is the best way to accept credit cards online devoid of having the site descends. There is much software available in the market that reduces the risk of fraud and hacking. A lot of good and bad things are to be considered before posting your business. So when it comes to the most important part of your business that needs to be noticed, then your one stop online is online-merchant-services.blogspot.com

Eligibility for US Merchant Accounts

Published 16 October, 2008, 3:18 pm

the Credit Card Networks of Visa and MasterCard prohibit some business types from establishing US-based merchant account services for accepting credit and debit card payments. The decision on who exactly is to be included in this “black list” is mandatory for all acquiring banks, which are also Visa and MasterCard members, and for merchant services providers. What this means is that no US merchant processing bank is allowed to acquire transactions from blacklisted organizations. The biggest factor in determining whether a particular type of business should be prohibited from setting up a US-based merchant account service is its chargeback-generation potential. In some industries, historical data show that the chargeback levels are simply unacceptably high. It should be noted that, even when a merchant account service is established, chargeback levels are still closely monitored and, if they exceed 1% of the total volume for three consecutive months, merchants will lose their merchant account. The merchant services providers also get fined for high chargeback levels at their merchants, providing them with an additional incentive to strictly monitor these levels. Merchant account applications from merchants engaged in the following activities will not be considered for US-based merchant accounts, without any exceptions: Any merchant engaged in illegal activity. Adult-oriented products or services (all media types: internet, telephone, printed material etc.). Online and MO/TO pharmacies (where fulfillment of medication is performed with an Internet or telephone consultation, absent a physical visit with a physician). Re-importation of pharmaceuticals from foreign countries. Online and MO/TO firearm or weapons sales (including ammunition). Online and MO/TO cigarette tobacco sales. Occult materials. Online gambling. Lotteries, raffles, gambling. Escort services. Collection agencies engaged in the collection of uncollectible debt, as defined by the Associations. Credit repair agencies. Sports forecasting or odds making.

Looking for a Merchant Service Provider

The number of businesses rigidly sticking to the old, inefficient ways of processing orders and accepting payments, has often surprised their tech savvy counterparts. While it’s true that a number of businessmen who scorn the old charm of receiving cash payments or cashing a cheque, there are scores of businesses that refuse to place their faith in electronic payments. What people need to understand is that when it comes to operating a business in a small team, its best use the latest available technology, so as not to put a burden on your scant recourses. So don’t hesitate to apply for a merchant account if you want to rapidly increase your client base and earn bigger profits, than you had ever thought possible. To succeed in the increasingly competitive business environment, it’s important that you provide your customers with most flexible solutions. Whether it’s the luxury of a home delivery or the freedom to pay through cards, you should be ready to do them all. If till now you have firmly held on to the belief that credit card processing is a complicated costly affair then you need to reconfirm these facts. The truth is that credit card processing in the real world environment is perfectly secure and inexpensive. If you are planning to open a website to further your business interests, an Internet merchant is the most viable payment processing solution currently available online. With a merchant service processor taking care of all your financial transactions you are free to concentrate on the other important aspects of business. Merchant service is a perfect example of how technology can make the life of small business owners easier and more profitable.