|Sun Feb 20 2011 18:10:36|
Moving Up to a Merchant Account - Reader Feedback
By: Ina Steiner
We received several letters commenting on Sunday's article, "Ecommerce Strategy: Moving Up to a Merchant Account," which you can read here.|
To the Editor:
AuctionBytes' article encouraging small online sellers with sales of $750 - $1000 a month to sign up for merchant credit card accounts is VERY misleading. Even if a seller could save 1% of the fee on each transaction (NOT LIKELY TO HAPPEN unless you have an enormous volume of monthly transactions with a high average transaction amount), the "savings" would be $7.50 a month on $750 of sales. That doesn't begin to pay even the monthly charge for a merchant account, which is typically $25 - $30 (to say nothing of all the add-on fees).
Clearly, even if the total merchant account fees were 1% less than those of Paypal, you would have to have consistent volume in excess of $2500 - $3000 before you'd have any savings at all from using the merchant account.
Of significant concern are the add-on fees (statement fees and many others) that are added to the basic fees charged for merchant accounts. When you have a merchant account, your monthly statement is full of fees with strange names that add up to a significant amount. I believe it would be a challenge to find a merchant processor with overall fees (i.e., ALL fees added together) that are as low as Paypal's business user fees.
Total fees depend on the percentage you pay on the total amount of the transaction as well as on the size of your individual transactions. If you have a lot of small transactions (with ANY processor), your fees are going to be a very high percentage of the transaction amount because (regardless of the percentage you pay on the total amount of the transaction), you're going to be paying a set additional amount per transaction.
Example: If you have 2.9% fee and have a single $100 transaction, you will incur a $2.90 fee plus one per-transaction fee of usually somewhere in the $.30 range. Your total cost for taking a charge on that transaction is 3.2% ($2.90 + $.30 = $3.20). If instead, you have 10 transactions of $10 each, you pay the same $2.90 fee but you also pay 10 per-transaction fees of $.30 each or $3.00 for a total of $5.90 so that the cost of taking charges for those 10 transactions totaling $100 is now 5.9%. The larger the number of small transactions you have, the higher your actual credit cost is going to be and the more important the exact amount of your per-transaction charge is going to be.
And, worst of all, this article ignores Paypal's seller protection, which is unique in the credit card industry. IF YOU FOLLOW PAYPAL'S RULES (plainly stated on their site), a merchant has a great deal of protection against customers who try to claim nonreceipt and other scams. There is no (AND I MEAN NO) comparable protection with merchant accounts.
Just as with Paypal, you could use a merchant account for several years and never have need of this protection, but when you have a transaction go wrong, you quickly learn that the processor does not in any way stand behind the merchant. The customer is always right.
The one merchant quoted in the article cites worries about Paypal's buyer protection. Merchant accounts also have "buyer protection". It is, simply stated, "the customer is always right unless the merchant can prove otherwise beyond a shadow of a doubt".
The difference between Paypal's approach and that of companies offering merchant account is that Paypal's rules are written down and a seller can contact them by phone and by email. With a merchant account, the seller has no rules to refer to and is often subject to incredibly tight timeframes in which to produce documentation.
When I had a brick and mortar store, a merchant account was a necessity, and I feel sure it still is for in-person merchants. Our monthly credit card fees were consistently about 5% of the credit card transaction total. I did considerable research before going with Costco's processor (a different one from the one they currently offer as this was 10 years ago).
As an online-only merchant I wouldn't have a merchant account again unless Paypal either raised its fees sharply or changed its seller protection rules significantly.
(an active eBay/Etsy/website seller with no employees and sales in the $8000 per month range)
To the Editor:
AuctionBytes' recent article concerning moving up to a credit card merchant account is a good primer save the section on PCI DSS compliance. As a PCI DSS Qualified Security Assessor (QSA), I can tell you that there are two fundamental errors in the article.
The first error speaks to the largely misunderstood notion of compliance to begin with. In Mr. Holden's piece, he mistakenly states, "PCI DSS stands for Payment Card Industry Data Security Standard, a set of requirements governing credit card transactions." PCI DSS is a security standard designed to secure a merchant environment - not a set of transactions. Though information and network security will govern the protection of data in motion, it is only one part of a holistic approach to securing an environment.
The second error in the article stems from the following statement, "The good news is that if you sign up with a marketplace like TIAS.com, you "inherit" their PCI compliance so you don't have to worry about this." This is just flat out wrong. A merchant never inherits the PCI DSS compliance of one of their vendors.
If you accept credit cards, there are requirements you must meet outside any work that your vendors have undertaken. There also could be significant security measures that you (as a merchant) may need to implement depending on factors such as:
1. Whether you accept credit cards in more than one way
2. The type of connectivity you have into your environment
3. If you store cardholder data after authorization
4. What type of data you are receiving from your vendors and how it is distributed to you
I understand that PCI DSS can be a tricky subject for newcomers and daunting for others as well, but we must ensure that we don't gloss over the depth and breadth of the standard.
At its core, PCI DSS helps protect merchants against a data breach-which can become an extremely expensive event. I highly suggest that anyone considering a credit card merchant account fully investigate the processing method being proposed and seek out the advice of a security professional (and preferably a QSA at that!) to understand how it will impact their business.
Greg Rosenberg CISA QSA
Comments (29) | Permalink