Category Archives: Blog
White paper guidance document for GSA (Dept. of
Defense) Purchasing Card sales (update Oct. 2020)
BSC Store operators
In order to provide more uniformity across all BSCs in the way purchases appear on Pcard Cardholder spend files:
A. DBA Name (Doing Business As) – each BSC store’s merchant account (i.e., credit card processing account) will always have two (2) name designations. The Legal Name of the business, and the DBA (Doing Business As) name. This would allow all 155 BSC stores to name their location “AbilityOne BSC – Location”
See attached example on Appendix 1 for how the DBA name for all BSCs can be standardized regardless of the legal name of the NIB Agency.
B. MCC Codes – each BSC merchant account is assigned an MCC (Merchant Category Code) when their account is set up with the service provider (credit card processor). Only one MCC code is allowed per account and it is generally not changed once it is established. The MCC code generally corresponds to the SIC industry category code of the business.
One of the two categories below should be used for consistency across all BSC stores:
– 5111 – Wholesale stationery, office supply, writing and printing paper
– 5943 – Stationery, office or school supply store
The reason that it is important for the BSC to utilize a business activity-appropriate MCC code to its account is because the government purchasing card holder spending activity is monitored and controlled based upon where they use the Pcard for spending. A Pcard administrator for the government agency can prohibit a cardholder from making purchases with certain businesses that do not fall into appropriate MCC categories. Therefore using MCC codes that are different than the above may create problems for the Pcardholder
Some processor service providers may advise the BSC to use an MCC code that corresponds to charities or not-for-profit organizations since NIB Agencies are so legally defined. However, there is no “cost” advantage for the BSC store to use a MCC code corresponding to charities because there is no lower charity interchange fee for Pcards (only for consumer credit cards). Using a charity MCC code would also potentially confuse the federal agency because the Pcard holders would generally not be authorized to make charitable contributions with their Pcards. The Pcard administrator is looking to see that Pcard holders are using the card for intended and government authorized purchases which in this case would be stationery and office supplies, not charitable contributions.
See attached example on Appendix 1 for how the MCC category code is assigned to a BSC location.
II. Detailed Reporting – Level-3 information
Level-3 data consists of Line item information from the invoice for purchases made by the Pcard holder. In simple terms, when the BSC store provides Level-3 data to the payment processor as part of the credit card authorization and settlement, it means that a replication of the itemized invoice is being sent to the Pcard holder’s bank (in the case of Department of Defense, the Pcard holder’s bank is U.S. Bank). When U.S. Bank receives this data, they are able to provide detailed line item reporting of purchased items back to the Pcard administrator of the government agency. Line item detail is the best validation for the government agency that the Pcard holder is purchasing items that are appropriate and authorized. See Appendix 2 for a detail of fields in Level-3 data. See Appendix 3 for an example of a Pcard transaction which was processed with Level-3 data.
III. Lower Cost for the BSC – Level-3 information
The standard credit card swipe or chip reader (EMV) terminal at the store register is not equipped or certified to provide Level-3 data. Standard POS software is also not certified to provide Level-3 data.
In either case additional IT programming is involved in order to transfer line item invoice details from the POS system/software to the Payment processor.
Anecdotally, we believe about 60% of the BSC stores are set up to provide Level-3 line item details from their POS system to the payment processor. The other 40% of BSC’s are not providing Level-3 data.
Why does this matter from a cost perspective?
Those BSC’s who provide Level-3 data to the payment processor are paying about 0.8% less in fees to the merchant service provider.
So factually, the more [proper and complete] data which the BSC can provide to the payment processor, the lower the fees /cost that the BSC will pay.
See attached Appendix 4 for the interchange rate for Pcards (Level-3 vs. Level-1 data).
IV. Modernization and Security – EMV Terminals
For card present transactions that would be performed at the BSC store locations, the most secure and modern method of acceptance would be to utilize an EMV device. EMV stands for Eurocard, MasterCard, Visa, but is used as the acronym to designate when a credit card is processed using the chip reader instead of the traditional card swipe method where the magnetic stripe on the back of the card is “read”.
Appendix 5 explains the background why EMV devices are the most secure and therefore the best for cardholder protection as well as protection for the BSC.
While there is no mandate for any BSC location to utilize an EMV device vs. a card swipe device, the risk to the BSC location associated with breach of cardholder data is much higher. Since BSC stores are dealing with federal government Pcards, it is recommended that the most modern and secure technology and method is utilized to accept payment at the BSC location.
While there are many EMV devices on the market (priced in the range of $200 to $800+ per unit) these EMV devices are only able to transmit Level-1 or Level-2 data to the payment processor.
As of July 2019, there is only 1 source for procuring EMV devices which have the ability to provide Level-3 data to the payment processor.
As of July 2019, all BSCs that currently utilize an EMV device (approximately 15%-20% of the 155 BSCs in the U.S. utilize an EMV device) are providing only Level-1 and Level-2 data. There are no BSC locations with EMV devices that transmit Level-3 data to their payment processor.
See Appendix 5 for EMV equipment sourcing with Level-3 data capability.
Click to expand
BSC Store Credit Card Processing Solutions: EMV (Chip Reader) with Level-3 Processing. Offered exclusively by UST.
Alert! Now Available for BSCs
Certified EMV devices with Level-3 Data
For universal use with any POS System using API integration
Frequently Asked Questions (Q&A) Document
Effective April 2019
What does it mean to have a Certified EMV device which does Level-3 data?
EMV certification refers to the following Level-1, 2 and 3 certifications:
EMV contactless Level 1 certification ensures that the device (also: terminal) meets the lower level electromagnetic and communication protocol requirements. It includes operating distance tests where reference cards are placed at a set of predefined positions in proximity to the device’s antenna. It further covers analogue tests on the used frequency and digital tests on the low-level communication protocol, for example.
EMV contactless Level 2 certification is concerned with the validation of the software that implements the payment functionality and that runs on the Level 1-certified device. This software is referred to as a payment kernel. The contactless payment brands to be supported (e.g. Mastercard/Maestro Contactless, VISA payWave, or American Express contactless) determine which of the payment kernels are to be implemented.
EMV contactless Level 3 certification, or brand certification, ensures that the configuration of the software on the devices meets the brand requirements. In the case multiple payment brands are to be supported, all of the respective Level 3 certifications will have to be performed.
In addition, U.S. Transactions Corp. worked with Priority Payment Systems to certify the following Ingenico EMV devices (IPP 320 and ICT 220) to work in combination with the payment gateway software MXMerchantÔ gateway and its Level-3 data files which are accessed via API integration programming. This is the aspect which makes this product offering unique and is the only one of its kind on the market today.
Which devices have been “Certified” with the Level-3 software?
What is the difference between Level-3 Certification and Level-3 data?
Level-3 Certification (also known as “Brand Certification”) refers to certification that is granted by Visa, MaterCard, AMEX and Discover which ensures that the configuration of the software on the devices meets the brand requirements.
Level-3 data refers to the additional 16 elements of information (e.g., Product Code, Quantity, Unit of Measure, Price per Unit, Extended value, Freight, Duty, Discount, etc. – see Appendix attached) that must accompany each credit card transaction in order to qualify for the lowest interchange rate possible for Visa and MasterCard commercial cards.
Why is having Level-3 data so important?
Having Level-3 data attached to every government Purchasing Card sale means that the fees you pay to your merchant service provider should be at least 0.60% to 0.80% lower for each transaction due to a lower Visa/MasterCard Interchange fee.
What POS system have these certified EMV devices with Level-3 data been programmed to?
But the universal API programming guide of MXMerchant will allow these certified EMV devices to function with any modern POS system that will accommodate 3rd party APIs
There are many other EMV devices on the market, is there any other that are Certified to do Level-3 data with a payment gateway API that can be integrated to a POS system like Counterpoint NCR?
As of April 2019 there are none to our knowledge.
Why should we use an EMV device vs. a traditional card swipe device?
There are three (3) main reasons:
- Liability Shift: If the purchase is a counterfeit transaction, the merchant (i.e., You) generally holds liability, because the issuer has made the investment in chip technology to make transactions more secure while the merchant did not invest in upgrading to chip. This Liability Shift rule became effective October 1, 2015.
- Customer Requirement: your customer expects that your retail operation is utilizing the latest technology for card integrity and security. The card Chip reader capability makes it virtually impossible to intercept full credit card data from the card whereas magnetic stripe readers can be more easily hacked or data intercepted during a transaction. See below.
- Retail Site Security and Risk Mitigation: there is higher risk that a customer’s card data can be stolen from your retail site operation when utilizing traditional card swipe devices vs. an EMV terminal. Here is the reason why.
Magnetic-stripe cards are, well, magnetized. When you swipe them, the payment processor reads their magnetic fields and matches them to your bank account information. The problem with this is that the data is static, making it easier for fraudsters to lift your information and clone it onto a new card. In fact, there’s something called a skimmer — which they can get or make for as little as $20 — that can do this pretty easily.
On the other hand, the data on chip cards is constantly changing, making it extremely hard to isolate and extract. To rip it off, someone would have to get into the physical chip circuit and manipulate things to get your bank information. Not only is this level of data surgery really difficult, but it also requires a set of high-tech equipment that can cost north of $1 million. That’s not the kind of cash your average fraudster has handy.
Are there any other EMV devices that are certified with Level-3 processing data which will work with Counterpoint POS system?
Counterpoint’s own built-in credit card processing software (i.e., gateway) is not certified to do Level-3 data with an EMV device.
What is the difference between ICT220 and IPP320?
Here are the two main differences between these two devices:
- ICT220 – Sold with Power Supply and built in printer
- IPP320 – PIN Pad. No printer. Device and cables (power supply, and ethernet input) sold separately.
What is the price of ICT220 and IPP320?
ICT220 – $172.80 Includes the power supply, and you would just need an ethernet cable. The printer can be disabled.
IPP320 – $280.80 In order for you to use this device you have to purchase an IPP cable and the power supply separate. Total for all three components would be $280.80
 Source: UL Labs: https://ims.ul.com/emv-transit-what-are-these-emv-level-1-2-3-certifications-0 Source: Visa International Website. https://www.visa.com/chip/merchants/grow-your-business/payment-technologies/credit-card-chip/docs/VISA_LIABILITY_SHIFT_FINAL.pdf
What is Level-3 data
NIB Agencies save an average of 20-30% on credit card fees
Company A is a mission driven agency supporting services for local community blind and low vision individuals. As $50+ million manufacturing and distribution enterprise for AbilityOne products with sales primarily to Federal Government Agencies, Company A also operates multiple BSC stores. About 25% of their sales are credit card transactions (Visa/MasterCard purchasing cards). Company A spends over $500,000 per year in credit card processing fees.
Company A needed to substantially reduce credit card processing fees while improving the service level of its credit card processor.
- Within 3 weeks, implemented a more reliable Level-3 credit card processing platform for all BSC stores and manufacturing that achieved 100% Level-3 compliance.
- PCI Compliant solution fully integrated in POS system for BSC stores
- We are the only service provider which provides a single point of contact, AND has the expertise to be able to address issues unique to the federal government procurement rules and standards, including Sept 30 fiscal year end requirements
* Line item invoice/order data per Visa/MasterCard specifications, and if required, certification letter from UST to the GSA that our client is providing Level-3 line item detail in accordance with contract specifications.
** No additional fees charged by UST for our developer support
Authors: Julie Broadway, President & CEO, American Horse Council & American Horse Council Foundation; Julie Duncan, Association Industry Practice Leader, U.S. Transactions Corp.
In this article, part 3 in a series of articles on credit card fraud, we will examine the different types of chargeback fraud, the increased risk for chargebacks during COVID-19, and what you can do to insulate your Association against additional unnecessary losses.
Friendly Fraud and Chargeback Prevention
What is friendly fraud?
According to Chargebacks911, “Friendly fraud occurs when a customer files a chargeback instead of trying to first obtain a refund from the merchant. Authorized cardholders dispute legitimate charges to their credit cards, pushing the bank to force a refund under the pretense that the merchant made an error.”
Often, well-intentioned members may accidentally commit friendly fraud because they either do not recognize your merchant name or are frustrated by a long delay surrounding a refund.
There is a difference between chargeback fraud (malicious) and friendly fraud (an honest mistake); however, the difference does not matter as it impacts your bottom line the same. Both types of fraud involve filing a chargeback unnecessarily, and both have the same end result on your bottom line. Whether through ignorance or intent, receiving a refund while retaining the services purchased amounts to fraud.
The identity of the fraudster is what distinguishes malicious fraud from friendly. Malicious fraud is a form of identity theft through committed by utilizing a credit card number stolen from the authorized user.
Additional losses associated with chargebacks are as follows:
- Chargeback fees assessed by the processor
- Transaction processing fees
- Hours required to dispute the chargeback charges.
How is COVID-19 Leading to a Spike in Chargebacks?
Associations are facing decreased revenue from events, and in some instances, waning membership bases. Event cancellations and postponements are leading members to contact Associations in large numbers for refunds, resulting in long hold times, frustrated members, and the potential for higher chargeback rates.
Members may often forgo contacting you even under the best of circumstances, instead going directly to the bank to file chargebacks due to delayed responses or cancelled items (friendly fraud). The added pressures resulting from COVID will only amplify this problem.
Chargebacks mean lost revenue, additional fees, and poor member satisfaction. In extreme situations, you could face possible loss of your card processing privileges altogether.
Chargeback management is a tricky process, with the burden of proof being on you, the Association (merchant). And, with a delay in chargeback reporting due to the timeframe window for chargebacks being long (this is controlled by the card issuing bank), this situation may potentially go on for months.
How Can I Reduce or Prevent Chargebacks?
Implementing a strategy for avoiding, reducing, and disputing chargebacks can help you recover lost revenue and reduce future chargebacks, making a chargeback prevention strategy a solid policy that will pay off long after things return to normal.
What are some tips that will help mitigate the risk and recover revenue from Chargebacks?
Implement FRAUD Prevention Measures
Chargebacks are tied to one of three sources: criminal fraud, friendly fraud, and merchant error. Criminal fraud calls for a dynamic strategy. There are multiple fraud detection tools you can employ, including Address Verification Service (AVS), CVV verification, 3-D Secure, Captcha, and more. See our additional articles on how to prevent fraud at your Association www.ustranscorp.com/blog
Make YOUR CONTACT INFO Easy to Find
Create a relationship with members so that they contact you before calling the bank. Make your customer service information easy to find. You should include your phone number and email address to contact for refunds. Additionally, make sure information regarding your Association name and contact information is visible on your credit charge receipts (known as your descriptor).
MAKE refunds/cancellations EASY
If the customer/member asks to discontinue a service or refund a purchase, you should grant the refund or cancelation quickly. Make the process simple. Also, be sure to inform the customer once you make the cancelation or issue credit. It is very important to let your Member/Customer know that the refund can take up to 7 days to appear as a refund on their credit card billing statement.
Implement BEST PRACTICEs Policies
Follow the rules and regulations set forth by your merchant service provider for certain key best practices. For example, you make sure sales receipts are legible, settle batches promptly, and do not attempt multiple authorizations after receiving a decline. Keep a well-organized paper trail for every transaction. Stay current with your PCI Compliance Self-Assessment Questionnaire (SAQ).
Notify Customers Before Charging a Recurring Payment
If you bill your customer via recurring payments, be sure to notify them, especially if the payment occurs quarterly or annually. Notifying them that a payment is about to be processed will alert them to an upcoming charge and from whom it is coming.
NOTIFY CUSTOMERS OF DELAYS
If you are selling merchandise, let the member know of a delay. Also, if you discontinue an item, notify the customer immediately.
With vigilance and communication, your Association can put a strategy in place to reduce or eliminate chargebacks during this tumultuous time. If you would like more information about how U.S. Transactions Corporation helps Associations recover revenue and make informed decisions, please contact us directly at Julie@ustranscorp.com.
1 Charchbacks911. (2019, January 2) Friendly Fraud. https://chargebacks911.com/friendly-fraud/
|Title||Cash Management through Crisis for Nonprofits & Associations|
|Date||November 5, 2020|
|Time||3:30 pm – 5:00 pm (EASTERN TIME)|
|Description||COVID19 presents no shortage of challenges for executives leading not for profit organizations. The magnitude of impact to most not for profit organizations far surpasses initial considerations. As membership dues and conference registrations decline, many NFP and Associations are facing governance and management considerations related to the COVID19 Crisis. These include cash management, and tightly related budgeting, forecasting and financial planning techniques, as well as a need to keep board and finance committees well informed with frequent meetings and reports.|
Dan O’Dea joined CPA Department as Director of Outsourced Accounting, where he leads the accounting team and is responsible for managing the firm’s outsourced accounting function. Working closely with the founder, he supervises and evaluates employees to keep activities focused on the company’s overarching mission and goals of providing superior customer service designed to meet the needs of growing organizations.
Dan has been recognized for his extensive experience in accounting and finance, he was peer-selected as CFO of the Year, by the Charleston CFO Council in 2017. He has worked in a variety of local and national firms as Chief Financial Officer and Controller, as well as having served in the US Navy, and various community non-profit activities. Most recently Dan led finance and logistics operations for international manufacturing in the consumer-packaged goods space.
A US Navy veteran, Dan served more than 36 years of active and reserve service as an enlisted member and later as a commissioned officer. He received numerous awards and deployed multiple times to war zones, leading troops in hostile environments.
As a Joint Logistics officer, he led logistics operations for U.S. Security Cooperation as well as significant humanitarian assistance and disaster relief experience.
When not working Dan enjoys spending time with his family, boating, fishing, and doing a wide variety of outdoor activities.
|CPE (NASBA Category)||Finance|
|CAE (Field of Study)||Administration – Financial Management|
|CPE / CAE Credits||1.5|
|Learning Objectives||Preparation of Cash Budgets, Forecasts and Financial Planning
Review of ‘What-if’ Scenarios for Planning
Monitoring of Operating Reserves
Tightening of Cash Management, Cost Containment and Cash Flow
Creating a Culture of Overcommunicating to Boards and Finance Committees
- Internal fraud can cause mistrust in the association’s ability to manage resources, and troubling losses for nonprofits that reduce future contributions.
- Every dollar lost to fraud represents a lost ability to provide needed public services to your members and communities at large.
- By taking proper steps for PCI Compliance, you can protect against the risks of internal fraud.
In this 2nd article in a series on credit card fraud for Associations, we address internal fraud and embezzlement. Internal fraud may be the type of fraud that undermines an Association the most, creating a lack of faith or mistrust in the ability of the Association to responsibly manage the resources entrusted to it. Internal fraud results in losses that are especially troublesome for nonprofits because they come from tax-exempt funds earmarked for special purposes and may reduce future contributions and grants if an organization’s fiduciary practices are questioned by those being asked to make contributions. Every dollar lost to fraud represents a lost ability to provide needed public services, both to your members and communities at large.
According to data provided by Certified Fraud Examiners, fraud within nonprofit organizations can be prevented and/or loss can be mitigated by the implementation of important controls.
How is Internal Fraud related to Credit Card data?
It is an unfortunate reality that the more exposed your members/customers credit card data is, the more likely it is that an employee, either deeply in debt or deeply disgruntled may use the opportunity to steal credit card information. Those numbers can either be used by the employee directly or sold on the dark web. Either way, you are held liable for not protecting your customers data. Taking steps to reduce the exposure of credit card data will help mitigate the risk of internal fraud.
What are Internal Control Best Practices for Managing Sensitive Credit Card Data?
Strong internal controls can help reduce the risk of theft, fraud, and embezzlement in your Association. There are practical steps every Association can take (even those with very few staff members) to guard against theft and embezzlement in the nonprofit workplace.
What can your association do to protect credit card data from falling into the wrong hands?
The following best practices provide a comprehensive solution for protecting data.
- Save Credit Card Data on a PCI Compliant Gateway1– a PCI compliant gateway ensures that the data you collect is housed in a PCI certified In fact, the best way to store credit card data for recurring billing is by utilizing a third party credit card vault and tokenization provider. By utilizing a vault, the card data is removed from your possession and you are given back a “token” that can be used for the purpose of [recurring or subsequent customer/member] billing .
All vaulted card data held in the gateway’s vault becomes the responsibility of the gateway. Your organization/employees will no longer see the full credit card number on customers/members but will only see a masked credit card number. If a customer or member makes a repeat purchase, your staff should not be asking again for full credit card data (instead ask for only the last 4 digits of the card for verification) because this exposes your staff repeatedly to sensitive customer data. Instead a repeat customer should have their card charged through the PCI compliant gateway using the “masked” card on file so that there is no need for the employee to have exposure to seeing the full credit card data.
You may notice many mom-and-pop or small business service providers ask you to give your full credit card data every time you make a repeat purchase under the premise that they don’t store credit card data for security purposes. This is factually a poor business practice for the reason stated above.
You can determine if your 3rd party gateway is PCI Compliant by going to the Visa International Website – The Visa Global Registry of Service Providers — and entering the name of the gateway that you currently use. https://usa.visa.com/splisting/splistingindex.html
- Use a Payment Link that is connected to a secure Hosted Payment Page – using a Hosted Payment Page (HPP) allows your members/customers access to a payment link where they enter their personal credit card The credit card data is captured directly by the 3rd party PCI Compliant gateway so that this sensitive data does not travel across your server environment. Once the transaction is processed, your staff will only see a masked credit card number, never the full data.
- Tokenization of CC information, especially when changing processors or gateways – storing data in the gateway vault tokenizes the The same is true when using API credentials between your AMS and your Processor. Your AMS should be storing only tokens of the actual credit card number which your AMS system receives back from the 3rd party PCI Compliant gateway.
If your Association changes processors or AMS systems, and this requires you to use a new 3rd party gateway, you can request your current 3rd party gateway to transfer the credit card data from their vault to the vault of your new 3rd party gateway. A service fee may apply. Once this is done, your new 3rd party gateway will send you a data file with new “tokens” for the underlying credit card data of each customer/member.
- Complete a PCI Compliance SAQ at least annually and conduct your quarterly scans if Most processors require an annual SAQ (Self-Assessment Questionnaire) and will charge you additional monthly fees for non-compliance. Keeping your SAQ up-to-date ensures that you are mindful of best practices regarding PCI compliance. PCI rules require that you update your SAQ at least once per year. In addition, if you have significant credit card volume, you will be required to perform scans of your network. PCI scanning seeks and identifies vulnerabilities in your network and operating systems, enabling you to find and fix problems and improve security.
- Limit your employee user privileges for The refund function in your gateway is a way internal credit card fraud can occur. Limiting/restricting access to refunds or limiting amounts that employees can refund will assist in protecting you against falsified refunds. A falsified refund could occur, for example, when an employee uses a personal credit card to have a refund or credit applied to their credit card at the expense of the organization.
- Reconcile your batches to your settlements daily. Your daily batch should match your deposit. Daily reconciliation allows you to quickly monitor for any discrepancies.
- Credit Card numbers should never be transmitted via email nor stored on your hard Emails and hard drives can be breached. Credit card information should only be provided verbally over the phone, faxed over an analog phone line (not voice over IP line or a phone number tied to a electronic fax delivery service), or through a hosted secure check out page. If full credit card information is received, it should never be stored on the hard drive of any computer. It should be input immediately into a PCI compliant payment gateway for vault storage.
- Do not store the three-digit CVV/CSC code. PCI Compliance rules strictly prohibit anyone from storing the 3 digit CVV/CSC code (4 digits in the case of AMEX). That also means that PCI Compliant gateways which do store the full credit card data are not allowed to store the corresponding CVV/CSC code. As a result, should a hack occur and credit card information is compromised, the hacker will not receive the 3 digit security code which will make it more difficult for fraudsters to make online purchases using stolen credit card data since the 3 digit security code is often required for the credit card purchase to be successfully completed.
Associations bear the burden of convincing the public that they have the right systems and policies in place to ensure that contributions and other resources are being judiciously maintained and managed. The fiduciary responsibility to use donated funds in the manner intended is of utmost importance for Not for Profit organizations and Associations. The above steps will go a long way in ensuring that Associations are doing all they can to protect their organization from internal credit card fraud.
Talk with your team and consult with your credit card processing representative. See what solutions they recommend. A coordinated, proactive approach will ensure your Association will be in a better position to weather potential threats.
A final note to readers who are officers of nonprofit organizations and Associations, for personal identity protection and to prevent unintended comingling of personal banking account data with Association banking data, be sure to use your Driver’s License or Passport for identification purposes when it comes to your Association’s banking information, in lieu of your Social Security number. This will help to prevent your organization’s bank accounts from being associated with your personal bank accounts.
If you would like more information about how US Transactions Corporation helps Associations with credit card processing, please contact us directly at WadeTetsuka@ustranscorp.com or firstname.lastname@example.org.
1 Examples of PCI Compliant gateways include 3rd party services such as Authorize .net, PayFlow Pro (PayPal), CardPointe (CardConnect), MXMerchant , Cybersource, Network Merchants , PayTrace, and many ot hers.
2 Source: PCI Compliance.org
Each year, we at U.S. Transactions Corp. speak with well over 150 companies across the U.S. with respect to their credit card processing services. These companies are typically doing business with the Fortune 500 and are naturally concerned about how to have the lowest possible cost for processing Purchasing Card payments (Visa/MasterCard/AMEX) from their Fortune 500 clients. Likewise, these companies are concerned about credit card data security (referred to as PCI Compliance).
Each year, we at U.S. Transactions Corp. speak with well over 100 Associations across the U.S. with respect to their credit card processing services. Out of countless discussions and observations, we have discovered the problems and solutions boil down to 5 major issues that make about 80% of the difference for Associations when it comes to credit card processing. These 5 “Problems” arise in virtually every Association we come across. Instead of keeping the solutions a secret to ourselves or to those Associations who happened to have met with us, we thought it would be worthwhile to make the recommendations available for everyone’s benefit.