Archive for the ‘Data Privacy’ Category

Compliance Fees & Non-Compliance Fees

October 24, 2008

A large number of businesses have recently received notices on their monthly merchant statements indicating that, beginning in the next month or two, their processor will be charging a monthly compliance fee of $19.95 or some other random number. If you get one of these notices, run to your phone, call your processor, and ask them to explain what it is. One merchant was told it was the cost the processor was incurring to bring its systems into compliance with VISA and MasterCard’s data security standards.

It’s nice that they want to simply increase their charges but constantly updating systems is part of being in the card processing industry.  How is it right for them to charge you extra for something that is just a cost of doing business?  It isn’t! 

Another version of this has them requiring businesses to subscribe to a third-party certification company to document that the merchant is in compliance.  The cost for that service is usually around $350 or so and who knows how much of that goes back to the credit card processor.

You need to read the notices on every month’s statement for any notification that rates are going up. The costs from Visa and MasterCard are still essentially the same (with some minor modifications) as they were a couple of years ago. You should NOT be paying more than you were before. You can view the wholesale rates charged by Visa and MasterCard by visiting their websites and looking for the link to “Interchange Tables”. Compare those rates to the ones shown on your monthly statements. If you don’t see the same rates, you need to change processors to a company, like Heartland, that provides Interchange Plus pricing. For more information on Heartland’s commitment to fair pricing, visit www.merchantbillofrights.com and see what you should be getting.

Remember, it is not your job to pay extra because your processor needs to update its systems!

Have a great day.

Michael Matfess

October Deadline For Truncating Receipts

August 20, 2008

First, sorry it has been so long since my last post.  I always have good intentions but as we all know, the road to hell is paved with good intentions.

Second, I want to make sure all merchants who accept credit cards are aware that beginning in October you MUST truncate the customer’s credit card number on ALL receipts.  Up until now, you only had to truncate the number on the copy you were giving to the customer.  This is changing and you need to look at your receipts right now and make sure that your copy isn’t showing all 16 digits.  If it is, call your credit card processor immediately.  It is a quick fix and a brief download to your terminal.  If this is a problem for them, you need to change processors, IMMEDIATELY!

It is your obligation to protect the credit card numbers of your customers. Even if you never have a security breach, you don’t know whether one of your customers will decide to stop patronizing your establishment because he sees that the slip has his card number on it. It’s simple, it’s free, just do it!

 

Michael

Why Truncate?

March 12, 2008

We all know that our credit cards have long account numbers that, along with the expiration date, are pretty much all a thief needs to spend our money. Consequently, it is now required that the customer copy of the credit card receipt have the account number truncated to show only the last 4 digits, and it may not show the card expiration date. Please note this is the CUSTOMER’s copy, not your copy.

So, if it isn’t required to truncate the merchant copy, why do it?

Let me first turn this around and ask, “Why not do it?” Once the transaction has been processed and approved through your credit card terminal, why do you need the entire account number and expiration date? The answer is you don’t. But by not doing it, you have created a potential data exposure that can cost your company hundreds of thousands of dollars in fines, audit costs, and lawsuits.

Call your credit card processor TODAY and ask them to update your terminal to “truncate both copies” of the receipt.  If they won’t do it FOR FREE, call me at 617-650-2552; we need to talk!

Michael
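For anyone who keeps receipt copies electronically (a point-of-sale export or a journal file), here is one way to check that a copy really is truncated. This is an added example, not part of the original post or any processor's software; the receipt layout, the invoice number and the function names are assumptions, and the card number is the standard test number, not a real account.

```python
import re

# Card numbers are 13-19 digits, often printed in groups split by spaces or dashes.
PAN_RE = re.compile(r"(?<![\d*Xx])(?:\d[ -]?){12,18}\d(?!\d)")
# Expiration dates as commonly labelled on receipts, e.g. "EXP: 09/10".
EXP_RE = re.compile(
    r"\b(exp(?:iry|ires|iration)?\.?(?:\s*date)?\s*:?\s*)(\d{2}\s*/\s*\d{2,4})",
    re.IGNORECASE)

def luhn_ok(digits):
    """Luhn checksum: separates card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def truncate_receipt(text):
    """Return (cleaned_text, findings): last 4 digits only, no expiration date."""
    findings = []

    def mask_pan(m):
        digits = re.sub(r"\D", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)   # invoice or reference number, leave untouched
        findings.append("full card number")
        return "*" * (len(digits) - 4) + digits[-4:]

    def mask_exp(m):
        findings.append("expiration date")
        return m.group(1) + "**/**"

    text = PAN_RE.sub(mask_pan, text)
    text = EXP_RE.sub(mask_exp, text)
    return text, findings

# Constructed sample receipts (hypothetical layout).
MERCHANT_COPY = (
    "INVOICE 1234567890123\n"
    "CARD: 4111 1111 1111 1111\n"
    "EXP: 09/10\n"
    "TOTAL: $45.00\n"
)
CUSTOMER_COPY = "CARD: ************1111\nTOTAL: $45.00\n"

if __name__ == "__main__":
    for name, copy in (("merchant", MERCHANT_COPY), ("customer", CUSTOMER_COPY)):
        clean, findings = truncate_receipt(copy)
        print(name, "copy:", findings or "OK")
        print(clean)
```

A copy that comes back with an empty findings list is already truncated; anything else is a copy your terminal should not be printing.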

Welcome to the Merchant Rights Blog

January 11, 2008

My name is Michael Matfess and I am a relationship manager with Heartland Payment Systems. Heartland is a direct processor of credit cards that focuses on the needs of the business owner. I decided to start this blog as I have seen a lot of confusion in the marketplace regarding your rights as a merchant who accepts cards as well as your responsibilities. Right now, data security is the hot topic for any business that accepts credit cards. You can pick up any newspaper in any city in the country and see another story about identity theft or stolen data from retailers and restaurants.

One reason I started this blog is that many small to medium sized business owners seem to feel they don’t need to worry about this. They think that the ‘bad’ guys will only target the large chains. Well, if you count yourself in this group, you couldn’t be more wrong. Ask yourself this question: “Is it easier to break into Fort Knox or a local jewelry store?” Sure, the prize is larger at Fort Knox but so is the work. Now, if you break into a jewelry store the most valuable pieces are probably in a safe that is fairly difficult to get into. But, what is sitting on the desk in the back office? The day’s credit card slips or the batch report or a scribbled note that Mr. Smith called in his credit card number so his son could pop in and pick up the lovely necklace he wanted for his wife.

So, here is rule #1 for the business owner:

DO NOT LEAVE ANY CREDIT CARD SLIPS/RECEIPTS/REPORTS THAT SHOW CREDIT CARD NUMBERS AND EXPIRATIONS IN AN UNLOCKED DRAWER OR CABINET!!!!!

Now, let me tell you what one of my customers said to me when I suggested this. He told me that they have a great security system and his office was secure. I then asked about when the building was occupied and he told me he trusts all his employees completely. I then complimented him on how clean the offices were and asked if they did it during the day. “Don’t be silly, the vacuum would be too loud to get any work done. We have a service that comes in every night.”

I smiled, leaned forward, and said in a very soft voice “And I assume the cleaning crew is also above reproach, too?”

Fortunately, he laughed and agreed that he needed to re-think his data security.

That is my suggestion to all of you for today. Take a moment and ask yourself what you are doing with your customers’ credit card numbers when you aren’t personally there to watch over them.