Date: 2022-02-15

Last month, I left my credit card at Cole’s Chop House. When I returned, the staff gave me a hard time about the MLB logo on my cap. (I deserved it — rookie move.) The staff secured the card for pickup. In addition to securing my card, Cole’s paid a discount for the privilege of accepting payment.

You call that a discount?

Merchants hate paying discounts. The ‘discount’ is the amount being discounted to pay card processor fees. The consumer pays the stated amount but merchants are charged to get their money.

All card processors require merchants to properly secure cardholder data. Thus, Cole's secured the card I left behind. Cardholders don't want their card compromised and merchants don't want to be the point of compromise.

The card networks impose stiff fines on merchants who are breached when card data was not stored in accordance with the Payment Card Industry (PCI) Data Security Standard (DSS). PCI DSS came about because of hacks and subsequent card counterfeiting.

Consequently, most processors charge a monthly fee of $35 to $55 for merchants who have not validated compliance. Given the waning need, circuitous compliance process, and potential increase in discount fees, this is an unfair burden.

Dynamic chips

Visa and Mastercard recognized that Europay, MasterCard, and Visa (EMV), or chip, cards are not subject to counterfeiting and long ago implemented PCI validation exemption programs. Chip cards came about because magnetic stripe cards were easy to counterfeit and clone. EMV cards, on the other hand, have microchips built in.

The data on the microchip dynamically updates and is authenticated at the point of interaction. If the static information is counterfeited, it will fail to authenticate on subsequent purchases.

Regardless, processors mandate compliance, and merchants must complete two sets of questions OR face a monthly non-compliance fee. The first set of questions defines the environment and the specific questionnaire. eCommerce merchants, for example, have a different environment than point-of-sale merchants.

Once the environment is defined, a merchant must then answer the questions related to their own environment. Unfortunately, the questions used to define the environment, as well as the Self-Assessment Questions (SAQ), are technical. Defining the environment is difficult for a merchant not familiar with payments industry jargon. The SAQ, too, is jargon-packed.

The alternatives

Merchants do successfully navigate the SAQ and questionnaire. Recently, I helped an orthodontist translate their SAQ, and within 10 minutes they successfully completed their respective questionnaire and eliminated a $50 monthly fee. As with a foreign language, once the jargon is translated, it is easy to understand.

Some processors have assisted merchants by building solutions that are inherently secure when used within a specific integration architecture. Others may embrace the exemption program.

Regardless, businesses want their card data secure and will seek solutions which are inherently secure. If that is not practical, they should take the time to validate compliance through their processor’s portal. Doing so will eliminate inappropriate fees and provide a safe haven in the event of a breach.

Ken Musante is President of Napa Payments and Consulting. Ken has deep industry knowledge regarding interchange optimization, PayFacs, Fintechs and integrated solutions. He provides merchant consulting and expert witness consulting. He can be reached at 707-601-7656 or kenm@napapaymentsandconsulting.com.