Just because your distribution business might not have a retail storefront doesn’t mean changes in the way payments are processed won’t affect you. And, if you conduct over-the-counter sales or have dedicated retail space, you should definitely be paying attention to these changes.
For your business, there are two main elements of credit card processing you should keep an eye on: cost savings and security. Here are some ways to be better in both areas.
1. Stay up to date with PCI compliance
This is a big one. It’s easy to start cutting corners when it comes to credit card processing, especially as regulations have increased over the years. However, it can literally pay to be compliant with the Payment Card Industry Data Security Standard (PCI DSS).
If you have a data breach and you’re found to be noncompliant, credit card companies and banks can levy hefty fines on your company. Additionally, being noncompliant to PCI standards can affect your reputation as a company among customers, and your clientele might rethink doing business with you.
The June 30, 2018, migration deadline from Secure Sockets Layer (SSL)/early Transport Layer Security (TLS) protocols to a more secure form of encryption, such as TLS v1.2 or higher, is one of the biggest PCI compliance changes to be aware of. You can learn more about this change to PCI compliance from the Payment Card Industry Security Standards Council (PCI SSC) here.
You can also stay up to date with PCI compliance standards by paying close attention to communication from your credit card processor. Be sure you have a designated person at your company watching email communication and owning PCI compliance. For information and resources on making sure that your company is PCI compliant, visit the PCI Security Standards Council’s official website.
2. Review your processing fees
Many companies set up their credit card processing once and never look back. However, there may be potential cost savings in reviewing how your current processing affects your fees — you could be losing less money to fees on a different processing platform.
When it comes to credit card processing fees, interchange fees account for the bulk of processing expenses. What are interchange fees? Essentially, an interchange fee is the amount paid between the cardholder’s bank and the merchant’s bank for the acceptance of credit card transactions. As a merchant, you receive the transaction amount less the interchange fee, as well as other markups from your bank and processor.
Visa and MasterCard update their interchange fees twice a year, every April and October. If you’re not on the correct processing platform to receive level 2 and level 3 rates, you could be paying 10 to 90 additional basis points on each transaction. Let’s break this down:
- Basis points are equal to 1/100 of one percent, or 0.01% (numerically written as 0.0001). For example, 20 basis points shown as a decimal point is 0.0020.
Let’s say your credit card processor’s rate is 20 basis points. If your company processes $15,000 worth of sales through credit card transactions per month, then $30 will go toward your processor’s fee of 20 basis points.
- Credit card processing fees are made up of two components — the interchange fee and everything else. This model is called cost-plus pricing or interchange-plus pricing.
- A B2B credit card transaction can qualify at 2.65% + .10 cents (265 basis points plus 10 cents). However, when the correct data is being passed through by using Level 2 or Level 3 rates, the credit card can qualify at 1.85% + .10 cents, saving you 80 basis points on that single transaction.
- For example, this means that if you process a credit card transaction of $5,000 at 2.65% + .10 cents, you could have saved $40 in processing fees on that single transaction with the lower rate of 1.85% + .10 cents.
- This may not seem significant at a per-transaction level. However, if your company did $10 million dollars in business via credit card transactions (keep in mind, that includes business cards kept on an account), you could potentially be saving around $78,000-$80,000 by using Level 2 or Level 3 rates.
Additionally, relating specifically to B2B companies, you can accept purchasing cards (P-cards) and corporate cards from customers and receive wholesale rates for those types of transactions.
Clearly, there’s money to be saved when it comes to reassessing your processing fees and staying on top of the way you process payments.
3. Don’t cut corners when it comes to security
Similar to reviewing your processing fees, there’s potential money to be saved when it comes to credit card security. A simple security safeguard: don’t store credit card data on-site.
In the past, companies may have stored primary account numbers (PANs) of credit cards on-site, perhaps encrypted on the company’s servers as opposed to in the cloud or on some sort of hosted service.
“The general shift over time has been to do less and less of that,” Jeremy Boogaart, VP of Business Development here at SalesPad, says.
Nowadays, by using tokenization and a third party credit card processor, companies can both prevent a data breach and rid themselves of liability in the event that a breach occurs. (Tokenization is a process that replaces the primary account number, or PAN, of a credit card with a representation of that number — a token.) Storing tokens as opposed to storing the actual credit card PAN on-site greatly reduces the risk of your customer’s data being breached and helps you meet security standards with less effort.
“Ultimately, there’s really no good reason anymore to expose yourself to the risk of storing credit cards on-site,” Boogaart warns. “There’s no way that your internal technology team is doing more work and is as on the frontlines of credit card security and data storage rules compared to a payment processing company that specializes in that work.”
While hosting encrypted credit cards on-site is still technically accepted by the PCI SSC, the more preferred option is to tokenize the credit card data and store it in the cloud. For example, users of SalesPad’s Operational ERP software automatically have their credit card transactions, tokenization, and data storage handled through PayFabric, a cloud-based storage engine provided by payment processor Nodus.
4. Don’t lose money to bad payment processing practices
In addition to the previously mentioned tips, be sure to only use payment processing software that has been validated by the PCI SSC. For more best practices, check out the PCI SSC’s Guide to Safe Payments.
Ultimately, only you can maximize your cost savings and minimize the potential for security breaches when it comes to payment processing. Be sure you’re teamed up with systems and third-party companies that strengthen your security, and also make sure that you're implementing smart credit card processing practices. If the worst happens and a breach occurs, you’ll be very glad you took the time to cover your bases.