Credit Card Processers for a consumer internet site

Joan
I don't have direct answers but I can point you to a specialist/expert in this area. Feel free to contact Doug Rodewald, VPat W Capra Consulting Group and put your questions to him. Doug is at [email protected] or (312) 873-3265.

He and his firm have deep experience with small and large customers in processing card payments in a PCI-compliant way and cost effectively.

Best regards

Len

Joan, virtually everyone processing CCs these days is PCI compliant. If not, they are almost certainly tied up in fringe or illegal activities b/c no company in their right mind would work with anyone else. That said, have you tried your business bank? All major banks and most big regionals do CC processing, and in my experience they are all within a few cents of one another on pricing. But do get pricing from at least three providers and play them against one another. You will always get better pricing from them by naming who they are bidding against as it's a dog-eat-dog business.

Separate from clearing you may need a CC gateway, like PayPal, Authorize.net and others. Like processors, bid it out. Also, make sure you like their web reporting and check references on how easy they are to work with when it comes to resolving processing issues. You'd be amazed at how many transactions will get hung up in the systems. And with the small size of your transactions, this could become a real cost issue.

Having built customer CC storage at a past company I can say that this is something you can insource or outsource. We insourced it b/c we had a highly customized shopping experience, but you can outsouce it these days to any number of providers. I think this is preferable b/c you can lay off some of your liability this way, but you will have to work within their technical constraints. Make sure your engineering team is in on your discussions with these service providers b/c they will be the ones doing the integration.

To your other questions, the more info you can collect, the more identification points the processor has and thus the lower their risk. People are so used to giving CVV I would recommend baking that in to your forms. Address Verification is a great thing for reducing risk, but it leads to a ton of processing holds. As you can imagine, everyone has different address forms and the processors will rather kill a transaction than accept a "close but not perfect" match. Although depending on the processor you may get them to validate based on zip code rather than specific street address.

Get the full rate card from every processor. The hidden charges, like with all banks, are when things go wrong. Do they charge you extra for incomplete info on a transaction, for error correction, for taking phone calls (do they have phone support?), etc.. They will nickel and dime you to death if you let them. I would recommend building a simple analysis with 1,000 "typical" transactions and a certain number of errors/issues that are fee generating for the processor. Then run that model against every bid you get. Apples to apples.

I agree with what others have said, but if it is helpful, I have used Authorize.net in the past as my gateway and was very happy. Their support was very good if I ever had a problem. Integration into our website and shopping process was pretty easy. I chose my bank (Wells Fargo) as my processor. They were reasonably competitive with others up front, and over time as our volumes grew I got really good rates. I also liked the fact that I already had a good relationships there to get things done. PCI compliance is an issue and especially for you if you are going to store cc info locally. It has been a while since I was in the details of this, and I am not an expert at PCI, but if you can outsource the storage of cc info and still recall the info when your customers return to your site, you might avoid some of the PCI compliance issues you would have to tackle if you store the cc info locally.

I used both address verification and CVV. CVV is easy. Address verification may be worth it as well, but does lead to more valid orders getting placed on hold until you can contact the customer.

My thoughts, hope they help.

PayFlow from PayPal was not my favorite. I used them in a medium volume online media company and although their system worked fine (not great, but a reasonable amount of issues and errors - you never find perfection in these services), the online reporting was bad. Really bad. Perhaps it's better now and it has been 2 years since i used them, but trying to coax useful info out of their system was just plain frustrating. Also their pricing was not great. Once again, YMMV as they say. Good luck.

I really appreciate the advice from you all. I am getting a competetive bid and thanks for the heads up on the problems with address verifications; I will check out the idea of just matching zip codes. Sounds like outsourcing the Credit card data storage is the way to go from a PCI and data security viewpoint.

Best

Joan

Joan,

CVV and AVS (Address Verification System...inputting customer billing zip code) are good tools for reducing fraudulent transactions.

Other advice would be to get "pass-through" or "cost plus" pricing from any payment processor. Note that many payment processors can also offer you a gateway or online shopping card service so that you don't have to have two different relationships.

I used to work at Elavon, third largest processor in the U.S., and they are a good shop. Feel free to contact Morna Kennedy there and she can provide some online integration options and provide competitive cost plus pricing.

Morna Kennedy