Slashdot Log In
Finding the Right Online Credit Card Merchant?
from the who-processes-your-credit dept.
"I have personally used Cybercash and Ibill for business to consumer type of online transactions and have successfully brought these into production use, but I am about to start a new project where this decision will be needed and would like to know... Which online merchant do you use and why? Also, which merchants do the major players (Amazon, et al) use?
Please spare me the hype about B-2-B and the 2/5/7 trillion dollar industry that it will become. It may become a big deal, but you can bet that the major companies are the ones who will be landing these types of contracts, not you and me. I still think the B-2-C industry is viable and there are many facets that have yet to be explored. There are opportunities for individuals and small companies to "merchantize" Web sites, as long as it is not prohibitively expensive from the online credit card merchant."
Long-term viability of B2C model (Score:4)
What can I say? I think you're wrong in assuming that small B2C sites are viable in the long term, and you're going to be wasting your time unless you're offering something that cannot be found elsewhere. And let's face it, this isn't likely. Most specialised market sectors already have thriving international mail order areas, and you'd be competing with those.
Only a few of the major players around today will be the ones to survive the B2C backlash which has begun. Amazon probably will since it has a decent customer base and a good brand name, but smaller sites, such as yours I assume, will find it hard to compete against larger and/or more established competitors that can make savings you cannot.
On top of that the security issue is a major one. As a consultant I've often seen companies involved in managing online financial transactions that could be hacked into by my little sister, let alone someone who knows what they're doing. To be truly secure you either need to go with a large, established player who has a decent reputation or, even better, develop your own. Not easy, but secure and you know nobody's going to be selling your customer's information but you.
---
Jon E. Erikson
Similarly (Score:4)
I'd like to find one that isn't for the sort of 'dumb webadmin' where they run all your shopping carts for you. I want a proper one that I can invoke from my own server, presumably by https that will leave my site feeling proper and professional.
Certainly I'm not overly impressed with some credit card systems online. The worldpay one is ugly and kept spawning new windows and using javascript refresh's to the point that even I (who regularly have about 50 windows open) was struggling to keep the plot. I've had other ones that dont properly track users and due to the fact that my modem connection broke midway through ordering they billed me twice (even though i was using a fixed IP dialup at the time i think). Surely that sort of inefficiency is inexcusable - especially considering 5 months later they STILL haven't refunded the money. Not wanting to name names [uk2.net] there are better places to get domain names like www.freeparking.co.uk.
bizrate could probably help you (Score:4)
Various options (Score:5)
1) traditional merchant account (about $30 a month) + lower discount (% of each charge, usually 1.5%-3%) + per-charge flat fee ($.25 to .35).
All the major players have decent methods for integrating their system into your site, everything from hosting the whole shopping cart to various flavors of "your cgi page calls our cgi page, we do the transaction, we redirect back to some cgi of yours with the results". The hackery involved is trivial.
After having problems with one provider who had an annoying habit of randomly double-charging customers, I settled on Anacom [anacom.com] and they've been flawless. They've also been around a while.
Option 2 - charge without a Merchant Account. You pay about 1% more on the discount, but unless you're doing $3000 a month in sales or more, you still come out ahead. ProPay [propay.com] seems to be the leader here, but I have no personal experience with them [some of my SelfPromotion.com [selfpromotion.com] users have recommended them, though.
3) Indirect, using a web-bank service like PayPal [paypal.com], which just announced a business service. The rates seem a little better if memory serves, but the downside is that people have to be paypal users to use it. My advice is that you should offer PayPal as an OPTION along with (1) or (2) above.
Best,R
Re:Long-term viability of B2C model (Score:3)
Firstly, I don't think Amazon is going to survive long term. Yeah, they'll still be there in another 1-2 years, but to me that's short term. I don't think Amazon is gonna make it another ten years. Anyway, we'll have to wait and see how it plays out. They can't continue to hemorrhage money and stay in business, no matter how many customers they have. It's simple economics. Once the VC cash is spent and there's not profit, there's nothing but Chapter 11.
Secondly, while I don't think that the B2C model has much of a future on the web, I do think that the web offers smaller merchants and individuals an opportunity to reach a larger market with their unique wares for less money than any other currently available method. You're right though, the company or individual must be offering something truly unique in order to survive. However, in the case of individuals or extremely small companies (2-5 people) their survival needs (in terms of income) are modest compared to the big guys, like Amazon. So, it will be easier for an individual to keep an ecommerce site going as long as the balance sheet is positive.
While we're at it, I'll touch on the security issue. Yeah, security is paramount. You must protect the information that the consumer has provided to you from theft by others. This is really a liability issue. You don't want to get sued. As for your statement that no one else is selling your customer's info, well that's just preposterous. Banks, credit card processors, and credit reporting agencies are selling your information all the time. Why do you think you keep getting all those cold calls from companies you've never heard of, trying to sell you crap you don't need? It's because you have a credit card and everything that you've ever bought with it is available to the highest bidder.
You have no privacy, get over it.
Ones to avoid... (Score:3)
These are, netbanx.com and planetpayment.com.
Reasons:
Netbanx: thoroughly unprofessional, aimed at the idiot using Frontpage or Actinic Catalog, no answer whatsoever at technical support (that's both email and phone, folks), took 2 MONTHS to set up the account, obscene charges, takes 60 days for Netbanx to release payments to the account holder.
Planet Payment: have been trying to set this account up for over 5 MONTHS now, have been sent usernames and passwords for their 'payment gate' only to find that they don't work - to be issued with some more, again not working passwords, very US centric, and obscene requirements (we had to fax copies of the director's damn PASSPORTS to them!).
--
jambo
system.admin.without.a.clue
There is no good deal for CCs on line (Score:3)
So, choose who you want, but you won't get a good deal.
Check out datacash.com in the UK (Score:4)
As far as I can tell, we're the most clueful PSP in the UK. I think we're the only ones to have done a proper re-implementation of the banking protocols, and our solutions are implemented using Perl running on Linux. Our client-side code is all open sourced using the X11 license, and we provide Perl, C, and Java implemetations for Unix and NT, as well as more than one shopping cart implementation. And we have some really cool stuff lined up, including eFalcon fraud detection and some other things I can't talk about just now.
My work address is what you might guess (the local part is "paul"), so feel free to mail me any questions, though where appropriate I reserve the right to pass them on to the enquiries address in London!
--
Serious Advice (Score:3)
On two points:
First, Whoever you go with, read the terms and conditions before you sign up. They do differ, and if you're in the US, your protection against unfair contract terms is very weak indeed (by the standards I'm used to). A couple of hours patient and careful reading (using a photocopier to blow the small print up to A3 helps lots) and comparison will pay dividends. It's rarely harder to understand than source code, and usually a lot easier.
If there's anything you don't understand, that's what lawyers are for (and, incidentally, pitching up with a prepared list of questions will endear you no end to your lawyer and take quite a lot off the bill.).
Second, If you're in the UK, or for that matter anywhere in the EU that has already implemented the Data Protection Directive (I think everywhere has), then you have an obligation to make sure (no further than asking, nicely, for a warranty that this is so) that the card supplier has proper data protection in place.
I've had more than a couple of these across my desk in the last three months, and most of them refer to the last Data Protection Act (the 1984 one now nearly completely defunct) and none at all - prior my ministrations - spoke at all of the need for someone in the relationship to take care of the obligation to process data fairly.
As usual, this is general advice - and on the first point about as general and obvious as "don't forget to eat, sleep and breathe" - not specific recommendations for your circumstances (which I'm almost certainly not licensed to give in your jurisdiction). Anyone daft enough to rely on stuff they find on the web when making decisions that might cost them money or liberty is probably dim enought to try suing in spite of a clear disclaimer, so I'm not really sure why I bother with this.
From the processors point of view... (Score:4)
There are a number (over a dozen) small companies like ours that offer credit card processing and do it better (in many cases) than the big guys. You get better rates and MUCH better customer service will a smaller company.
There are other things you need to watch for that credit card merchant providers don't tell you:
1) Many merchant accounts have a ratio of USA to International credit cards they can accept (example, you must processes 5 US cards for every 1 international card to maintain the lowest rate).
2) There are always hidden fees, make sure you understand them. The common fees including a minimum monthly amount, statement fees, address verification, voice processing, chargeback research, mailing fees, keyed vs non-keyed rates, etc....
3) There are a lot of people that advertise low merchant rates but they are quoting "Merchant is present, you see the card and you have checked the person's ID" rates. The fine print might state that the "MOTO" (mail order-telephone order) rate is a full percent higher (and more in some cases)
4) Make sure your gateway uses some form of encryption. Many gateways out there, including some very popular systems, provide binary files for their API and you have no way of knowing how it works and if it is secure or not.
Plug:
We private label our API seprately and as part of our instant e-commerce builder at http://www.n2plus.com. Lowest rates around. E-mail me directly if you have more questions, I've been processing credit cards on the net for 6 years as a business.
Re:How does PayPal do it? (Score:3)
Hi Dan!
Funny you should mention this. The question of whether PayPal is liable in the event of a fraudulent auction is very much in the news (here is the article on MSNBC [msnbc.com].
Short version: some wise guy auctions off hard drives on Yahoo! to a steady stream of customers. Encourages auction "winners" to pay by PayPal. Those who paid by check got their mail back from the U.S. Postal Service saying no such address exists--those who paid by PayPal got zip.
PayPal is emphasizing that they are a means of facilitating exchange between two parties--they are not a credit card, and they are not a bank. Their terms of service explicitly deny any responsibility to either party in a transaction if the other fails to do something (like ship the goods).
In other words, PayPal is covered legally. How PayPal will fare in the court of public opinion may be another question. And yet another question is whether PayPal will be able to escape the attention of the U.S. government. What PayPal is doing, after all, looks very very much like a bank processing EFT (electronic funds transfer). The courts are going to laugh at Indianapolis regulating video games--but they won't have any problem at all with the idea of the federal government banking authorities regulating an e-business that looks, walks, and sounds like a bank.
I'll reply in another note on a slightly different thread.
Re:How does PayPal do it? (Score:3)
Hi Dan!
The way PayPal works is that each person is depositing money with PayPal. You can deposit money with PayPal by writing a check, by charging your credit card, or by giving PayPal permission to charge your card. PayPal permits you (the whole point is to encourage you) to trade PayPal play money with your friends--such as on auction sites. PayPal promises that any time you want your money back, they'll send it--by crediting a credit card, or sending a check, etc. The result is that PayPal is the merchant that is charging the credit card--not the seller in an auction. Both the buyer and the seller are PayPal customers.
Note that PayPal is free. How do they make money? MSNBC notes that they have racked up 2.4 million customers. If each has $50 in PayPal credits, that's $120 million of no-interest capital that PayPal has to play with. Given the number of semi-pro computer hardware merchants on EBay that are hyping PayPal, I'd bet that they have even more money than that. Even at a meager 5% return on investment, that's $6.0 million per year in revenue. Not bad for a B2C e-commerce business.
I have looked into the same thing. I'm a (very minor) official of the U.S. sanctioning body for one of the horse sports. Our competitions are organized by local promoters--each promoter will typically run one or two events a year. A lot of organizers want to take entries over the Web--but accepting credit cards is a stumbling block. (More precisely, paying a $35 monthly fee 12 months out of the year in order to accept payments in the month of August puts a lot of people off.)
The financial and technical solution is to have the sanctioning body act as the merchant--the money is paid to the sanctioning body, which in turn transfers funds simultaneously to accounts managed by the local organizer. This is much more palatable for the credit card processors--they get a large organization processing hundreds of thousands of dollars per month. BUT--it requires a measure of trust between the local organizers and the sanctioning body. That's why I said we have the financial and technical solution, as opposed to the political solution. (The organizers pay fees to the sanctioning body--they fear, probably correctly, that some day some bright light is going to realize that the sanctioning body could just take the fees right off the top. They want their money, and they want to determine how much gets paid to the sanctioning body at what time.)
If this looks at all like your situation, I think the financial and technical part is easy. The really big question is the political one--is there a strong bond of trust between the small not-quite-merchants and the parent entity? If there is, then the solution works. If there is not, I'd strongly recommend not pursuing this--just a little bit of mistrust can lead to terrible squabbling.
My two cents (minus 14% transaction fee) (Score:4)
As several people have noted, you basically can choose to get your own merchant account, or use a third party to effectively resell your goods or services. That's the easy part.
Getting a merchant account for an online-only business is very difficult. If you've been in business for at least two years in the real world, it will be easier.
However, I would strongly advice against the merchant account approach unless you're willing to provide real live customer service at least 12 hours a day, 5 days a week. 24/7 is better.
A key metric that credit card companies look at is chargebacks. Chargebacks are when a consumer disputes a charge, claiming either that they didn't make the charge or that the goods/services were not as advertised.
If you go over 1% in chargebacks, watch out. If you hit 2%, you're all but certain to get your merchant account revoked.
That sounds easy (just run an honest business, right?), but it's not. Credit card companies exist to serve the consumer, not businesses. Many consumers have found that it's easy to get free stuff by disputing lots of charges, especially internet charges. The burden of proof is on you to show that every one of these people did actually get and use your goods/services.
Hopefully I've convinced you to use a third party processor. Now, the question is who. This comes down to three key elements:
1) Are you selling goods, services, or both? Services include web site access ir intellectual property.
2) Are you in the adult entertainment industry?
3) What monthly transaction volume do you expect to do?
The first question is critical. Paypal only does tangible goods, Ibill only does services. You've got to find a processor that handles your kind of transaction.
The second question is important. Many processors refuse to to business with adult entertainment companies because, let's face it, many of those companies are unscrupulous, unprofessional, and untrustworthy.
Chargebacks are typically higher with adult content, both because many adult businesses are misleading ("FREE! Just give us your CC# to prove your an adult" often turns into a $59.99 charge), and because consumers are more likely to dispute adult charges ("No, Honey! I would never have signed up at cumslurpingteens.com! Someone must have found my credit card on the internet! I'll dispute the charge!")
And, finally, the third question (processing volume) will determine how seriously you are taken by your processor. If you can pull about us$20,000/month or more, you'll start to get some special treatment which will reduce chargebacks and generally make life easier. If you're going to be doing this kind of business, ask your processor if they have a premium accounts department, and what the threshold is to qualify.
Ok, so we've covered picking a processor based on your needs. Now let's move on to things to look out for:
1) Retroactive fees/chargebacks. One of the large processing houses really screwed its clients over a year or two ago by imposing huge, retroactive fees. Basically the processor (DMR, if I recall correctly) got in trouble with Visa for too many chargebacks, and Visa levelled a multi-million dollar fine, as specified in the merchant contract. Rather than eat this fine, DMR passed it on to their clients -- by withholding their revenue until they had met their portion of the fine. Ouch! It was ugly. Check to make sure your processor won't do this. Look for language in the contract that is fishy.
2) Financial stability. See #1. Do some research to ascertain that the processor is stable, pays on time, doesn't bounce checks, etc. Ask for references, how long they've been in business, etc.
3) Internet connectivity. If people can't get to your processor, they can't pay you. Is your processor colocated on both the east and west coasts at a Tier 1 provider? Or do they have a 384kbps frame from Joe's Internet Service in Milwaukee?
4) Internet political considerations. Ibill has been in several well-publicized scrapes with the RBL, but it looks like that may be over. That probably means the RBL will turn their attention to other processors. Much as I think the RBL is a bunch of power-hungry thugs, they bear paying attention to. Check that your provider has anti-spam policies, doesn't specialize in hosting spammers' accounts, and ask if they promise to capitulate to any demand the RBL may make. It's ugly, but there's not much you can do about it.
You'll note that nowhere in here do I mention rates. Expect to may almost 15% for a respectable processor that also handles customer service. Yes, that's a lot. But it's cheaper than having a full time employee to answer the phone (Visa and MasterCard merchant account contracts explicitly say that real live people must be available by phone). As volume increases, you'll pay less. But it's worth it at 15%.
Hopefully that's been helpfull. I have a lot of experience in this area, and would be happy to share more specifics. Drop me an email if interested.