Merchant Account Providers

Merchant account providers like UniBul enable businesses to accept credit and debit cards for payment. Whether an organization accepts cards in a card-present or in a card-not-present environment, they need a merchant account to do that.

In order for a company to become a provider of merchant account services, it first has to be authorized by the Credit Card Associations of Visa and MasterCard. The process involves a check of the credit worthiness of both the business and its principals, a review of the applicant's business and marketing plans and the payment of the registration fees which are $5,000 for each Association. Although banks, that are members of Visa and MasterCard, can and do provide merchant processing services, more typically they outsource this responsibility to third parties. By doing so, they become sponsors of these third parties in their applications with Visa and MasterCard. Merchant account processors are known as Independent Sales Organizations ISO) when they are registered with Visa and as Member Service Providers (MSP) when they are registered with MasterCard. Businesses apply for both registrations at the same time, through their sponsor bank. Upon approval of the application, the sponsor bank becomes an acquiring bank for the ISO/MSP. This means that it acquires the sales receipts that the merchants, using its payment processing services, generate and it is then responsible for paying the merchant the transaction amounts, minus its processing costs and the interchange fees. In the mean time the merchant processing bank submits a payment request, through Visa or MasterCard, to the bank that issued the card used in the particular transaction. ISOs and MSPs are obligated to display the name(s) of their acquiring bank(s) on every page of their website and other promotional materials. Usually this sign is placed in the footer of the website.

Once registered, ISOs and MSPs can sign up sales agents to source merchants for them. The sales agents, however, cannot advertise themselves as providers of merchant account processing services. They are only authorized to represent the ISO/MSP and must identify themselves as agents to these companies.

Payment Gateway

Definition. A payment gateway is a web-based service that transmits payment information from an eCommerce website to a merchant processing bank. It is the eCommerce equivalent of the physical terminal used by merchants in card-present payment acceptance environments. The collected information is encrypted to ensure that personal data is transmitted in a secure fashion.

How it works. A payment processing gateway connects the eCommerce website's shopping cart with the merchant processing bank's system. The stages of the process are as follows:

• A customer places an order on an eCommerce website and submits his or her payment information.
• The payment information is encrypted using a secure socket layer (SSL) service and sent to the merchant's server.
• The eCommerce gateway then collects the payment information and, after another SSL encryption, transmits it to the merchant account provider's server.
• The merchant processing bank then sends the payment details to the appropriate Credit Card Network (Visa or MasterCard).
• If the cardholder used a Discover or an American Express card, the payment processing provider serves as an acquiring bank and decides whether or not to authorize the transaction; then forwards the response to the merchant.
• The Credit Card Network forwards the transaction to the card issuing bank.
• The Issuer either authorizes or declines the transaction and sends a response code (through the exact same channel) back to the merchant bank. The response codes for declined transactions provide details for the reason the transaction did not get approved.
• The merchant processing bank then sends the response code (through the eCommerce payment gateway) to the merchant's website and it is presented to the cardholder.
• The whole process, from submitting the payment to receiving the response, takes seconds.
• The merchant then provides the service or ships the product and settles the transaction. It is very important that transactions do not get deposited prior to the product being shipped. If the cardholder notices the charge on his or her card statement or transaction activity (now available online in almost real time), prior to receiving the merchandise, the transaction may be disputed, initiating a chargeback.
• At the end of the business day, all authorized transactions (also called a "batch") are submitted to the merchant processing bank for settlement.
• The merchant bank then deposits the total transaction amount, minus interchange fees and processing costs, into the merchant's bank account.
• The entire process takes approximately 2-3 business days.

Card payment processors typically provide eCommerce gateways as part of the merchant account. They charge a monthly fee for the service ($10 - $25) and may charge a fee for the set up as well. Every major online payment gateway supports the latest fraud prevention solutions, including the Address Verification (AVS) and Card Verification (CVC2, CVV2, CID) services.

Here is our solution.

What Is a Merchant Account?

Definition. A merchant account is a payment card processing service that a merchant bank provides to a merchant (it is the type of service UniBul provides). It represents a form of line of credit that the merchant bank extends to the merchant and it allows the merchant to accept the card brands, specified in the processing agreement.

How it Works. When a merchant accepts a cardholder's payment information, it is transmitted to the merchant bank. The merchant bank then pays the merchant the transaction amount, minus the interchange fees and the processing costs, and submits a payment request to the bank that issued the card used to make the purchase. The issuing bank then pays the merchant bank the transaction amount, minus the interchange fees, and posts the transaction on the cardholder's monthly statement. The cardholder then pays the issuing bank to close the cycle.

Types of Merchant Accounts. There are a number of different merchant account types but the most widely used are:

• Card-Present Merchant Accounts. This type of merchant account service includes all payment processing solutions that use payment terminals to read the account information from the magnetic stripe of a card that is swiped through. Because the merchant is in actual possession of the card (hence, card-present) as the payment is being made, these merchant accounts are considered less likely to generate fraudulent transactions and enjoy lower processing rates.
• Card-not-Present Merchant Accounts. Included in this group are all card payment processing services where the card account information is manually entered into the merchant bank's system, using a web browser or a telephone keypad. The card itself is absent (hence, card-not-present). Because the merchant is never in possession of the card and the information is given to him or her, card-not-present transactions are considered more likely to generate fraudulent activity or processing errors and are processed at higher rates. There are two distinct sub-groups here:
  
  • ECommerce Merchant Accounts. These merchant accounts are used by web-based merchants and enable consumers to enter their payment card information into a payment form on the merchant's website. Once submitted, the payment details are automatically transmitted, via a payment gateway, to the merchant bank.
  • Mail Order and Telephone Order Merchant Accounts. Also known as MO/TO merchant accounts, these payment acceptance solutions enable merchants to enter the payment information, provided to them by their customers into a form on the merchant bank's payment system's website or, using a telephone keypad, to call it into the merchant bank's system.

Interchange Fees

In the payment card industry interchange is the fee that an acquiring bank pays to a card issuing bank when a card (issued by the card issuing bank) is used to pay for a product or a service, provided by a merchant who has a merchant account with the acquiring bank. The issuing bank pays the acquiring bank the transaction amount minus the interchange fee. The acquirer then pays the merchant the transaction amount minus both the interchange fee and its own payment processing cost.

Interchange rates are published annually by both Credit Card Networks - Visa's and MasterCard's and are available for everyone to see. They represent the largest chunk of the total transaction processing costs that merchants pay for accepting payment cards. Various estimates put their share at anywhere between 70% - 90%. Interchange rates are typically comprised of a percentage of the transaction amount (for example 1.94%) plus a fixed fee (for example $0.10). Various factors come into play when interchange fees are established. Generally, payments taken in a card-not-present environment are processed at a higher interchange than payments taken in a card-present environment. That is the reason why eCommerce merchant account and MOTO merchant account users pay higher processing fees than, say, retail merchant account users.

Since interchange rates are set by Visa and MasterCard, merchants have no leverage over them. It is, however, important to know what they are, so that, when negotiating with prospective merchant account providers, you will know exactly what you are being offered. There are several merchant processing pricing structures and this article will not go over all of them but probably the best model is the pass-through one. It works by simply adding your merchant services provider's processing cost to interchange, ensuring that every single transaction is processed at the same rate. You will only have to make sure that these processing costs are not inflated and a simple referral to the interchange chart will help you do just that.

See how we have structured our own interchange pricing model.

Merchant Requirements for Securing Cardholder Information

To protect your merchants, cardholders, and the integrity of the payment system, each of the credit card processing companies has in place a set of requirements governing the safekeeping of account information (UniBul very much included). Following is a brief overview of the most critical aspects of those requirements.

Storage of Cardholder Information	Do not store the following under any circumstance: Full contents of any track from the magnetic stripe on the back of the card. Card-validation code-the three-digit value printed on the signature panel of a MasterCard, Visa, Discover Card, JCB, or Diners Club card, and four-digit code printed on the front of an American Express card. Store only that portion of the customer's account information that is essential to your business-i.e. name, account number or expiration date. Store all material containing this information (e.g., authorization logs, transaction reports, transaction receipts, car rental agreements, and carbons) in a secure area limited to authorized personnel.
Destruction of Cardholder Information	Destroy or purge all media containing obsolete transaction data with cardholder information.
Use of Agents or Third Parties (Vendors, Processors, Software Providers, Payment Gateways, or Other Service Providers)	Advise each merchant account provider or credit card processing contact (representing each of your card brands) of any agents that engage in, or propose to engage in, the processing or storage of transaction data on your behalf-regardless of the manner or duration of such activities. Make sure these payment processing agents adhere to all rules and regulations governing cardholder information security. Any violation by your card processing agent may result in unnecessary financial exposure and inconvenience to your business.
Reporting a Security Incident	In the event that transaction data is accessed or retrieved by any unauthorized entity, notify the merchant services provider or merchant processing contact for each card brand immediately. This report will not only minimize risk to the payment system, but protect your customers in the most responsible manner. Systems and procedures are in place to immediately stop the unauthorized use of compromised data, but are effective only when you (and every small business merchants accounts provider) do your part to promptly report a security incident.