With technology rapidly developing, there are some major subjects related to payment processing that business owners need to be paying attention to as we enter the new year.
To get clarification on some of the most talked about topics, Hardware Retailing got in touch with representatives from North American Retail Hardware Association (NRHA) Business Services partner Clearent, a company dedicated to providing retailers with credit card processing and payment service opportunities. Clearent answered questions about payment trends, best practices and technologies. To learn more about Clearent, click here.
Hardware Retailing (HR): What topics related to payment processing should independent retailers be paying attention to right now? How do these topics impact independent retailers?
Clearent: There are a few topics that are necessary to touch on.
- EMV chip cards. Everyone has them and by accepting them, business owners won’t be financially liable for counterfeit card fraud and retailers reduce their liability in the event of a chargeback dispute.
- Near Field Communication (NFC). This is the technology behind Apple Pay, Google Wallet, Samsung Pay and any other contactless payment sources. It allows retailers to take payments quickly and lets customers pay by tapping their phone to the payment terminal.
- PCI DSS Compliance. Business owners can achieve this by following the Payment Card Industry Data Security Standards, often called PCI for short. The standards are a set of technical and operational requirements to protect cardholder information. Essentially, PCI DSS are the rules of engagement for processing payments. PCI aims to ensure that all entities accepting, storing, processing or transmitting card information maintain a secure environment. When retailers stay compliant, they are part of the solution and limit the threat of data compromise and breaches.
HR: Can you elaborate on PCI Standards? How can a retailer determine if they are in compliance, and what are the consequences if one is not compliant?
Clearent: The formal process of achieving PCI compliance for most businesses will include submitting an annual PCI self-assessment questionnaire (SAQ) and possibly a quarterly network scan report by an Approved Scanning Vendor (ASV). SAQs are designed to help business owners report the results of their PCI DSS self-assessment. It is important to meet all of the standards for a specific SAQ before using it to ensure the correct feedback is receiving. It is also important for merchants to get help from their payment processing provider to look at their eligibility to find the best SAQ for them.
This is a big topic, and for more information we recommend checking out the PCI Compliance Scan: A 60 Second Overview and What’s New with PCI DSS 3.2? The CliffsNotes for Your Merchants.
HR: Why is EMV chip card technology beneficial to small business owners?
Clearent: Beginning in October 2015, costs associated with counterfeit card fraud shifted from financial institutions to merchants if their business failed to provide EMV-compatible equipment. Rather than a magnetic stripe, EMV uses a microprocessor chip embedded in the card that makes it virtually impossible to replicate. Businesses that don’t accept chip cards are more susceptible to counterfeit card fraud and its associated financial impact.
Lengthy chip card transactions, among other obstacles, have deterred more than 70 percent of U.S. merchants from adopting EMV technology. The good news is that there is now a solution that speeds up chip card transaction times from 15 seconds to two seconds. It’s called Quick Chip, and it dramatically reduces customer wait times and improves the overall checkout experience for your staff and your customers.
HR: Payment card fraud seems to be a growing issue for retail businesses. What can retailers do to protect themselves from fraud?
Clearent: All businesses that accept card payments should adhere to the following steps to reduce the likelihood of credit card fraud and data breaches.
- Follow PCI data-security standards. Business owners should complete their self-assessment questionnaire and vulnerability scans and stay up-to-date with all applicable assessments. If a business experiences a data breach and is not PCI-compliant, then the owner could face up to $500,000 in penalties.
- Adopt EMV technology. Chip cards are meant to reduce fraud by encrypting all information between the card and the reader. Magnetic stripe cards, on the other hand, contain analog data that’s easy to intercept, steal and spoof.
- Use a PCI-validated Point-to-Point Encryption (P2PE) solution. P2PE protects card data in flight as it moves through the payment process until it reaches a safe decryption environment. PCI-validated P2PE makes card data indecipherable and worthless to fraudsters and hackers.
- Craft a data-breach action plan. No matter how rigorously a business follows the PCI Data Security Standards and employs other security techniques, a hacker can still prevail. No system is foolproof and preparing for data breaches in advance keeps business moving along after one occurs. A data breach protection plan mitigates the financial damage of constantly evolving cybercrimes afflicting businesses of all sizes.
HR: Can you explain strategic/alternative funding? Why is this beneficial to independent business owners?
Clearent: This process involves credit card sales revenue based financing. It allows quick access to working capital. Approvals for strategic funding are based on cash flow instead of the traditional metrics banks use to underwrite a loan. It’s a fairly easy qualification process with no personal collateral required. Essentially, it’s a financing solution that does not require equity and payments based on a fixed percentage of sales.
This type of funding can be received quickly and can be used for inventory purchases, expansion, remodeling, hiring as well as a similar cash source as a line of credit. Money can be funded again and again once 70 percent of the borrowed amount has been repaid. This funding does not show up on a debit to income sheet when you are looking for a bank loan.
HR: What could a business owner do today to improve or reduce costs relating to their payment processing system?
Clearent: The most obvious way for a business owner to reduce costs is to make sure their current processor isn’t overcharging them. To check, a retailer should compare a recent statement to their merchant agreement to make sure they understand every charge. If they don’t, contact the sales rep for clarification. Merchants can also contact a different payment processor for a statement analysis.
Additionally, businesses should accept EMV chip cards if they don’t already do so and follow PCI Data Security Standards.
HR: Are there any other topics related to payment processing that independent retailers should have on their radar going into 2018?
Clearent: Technology is changing fast in all aspects of life and the checkout experience is no different. Customers and staff expect efficiency. Here are a few ways to use technology to make the checkout process more efficient and deepen connections with customers.
- Use a point-of-sale (POS) system or e-commerce store. Using a POS system, whether it’s traditional or a cloud-based tablet, offers key benefits to your business.
- Customer tracking. Create a customer list and use it to understand which customers drive more business. Obtain their email addresses for communications, loyalty programs, etc.
- Employee management. Use the clock-in and clock-out features to make payroll easier.
- Inventory management. Track which items are the hot sellers, know when to reorder and track profitability by product.
- Reporting. Pull reports on sales by day of week, time of day, etc.
- Support EMV with Quick Chip Technology.
- EMV uses the chip inside the card instead of the magnetic stripe on the back of the card.
- It’s designed to prevent counterfeit fraud and it works very well to do so.
- The liability shift took effect on Oct. 1, 2015, which increased risk of chargebacks for retailers.
- Let your customers pay anywhere. Customers increasingly expect to shop and pay anytime, anywhere. Not only in stores, but also online, via phone, via mobile and even via electronic invoices. There are a few ways to increase the amount of ways your customer can pay.
- Buy buttons. Retailers can easily add buttons to buy on their website to sell products without having to build in checkout flows or dealing with sensitive card data online. Add pay buttons for your customers to pay invoices on the website or embedded in an email is also an option.
- Shopping carts. To sell products on a website, merchants will need a true e-commerce platform or shopping cart. Managing inventory across physical stores and e-commerce is challenging. An e-commerce system that integrates with a company’s POS system is worth considering.
- Card on File with Tokenization. It’s easier for repeat customers to pay online or by phone if their payment information on file. But, retailers don’t want to store credit card data because it makes a business an attractive target for hackers and subjects the business to higher PCI standards. Business owners can use tokenization to store payment information securely at a third-party vendor. That way, a token is stored in the retailer’s system instead of sensitive card data. Tokenization can also be used in-store for customers to pay using a card on file.