Ensuring secure merchant services for your business is crucial if you want to accept payments online. In fact, processing credit and debit cards without a secure payment gateway could cost you hundreds of thousands of Euros in penalties—not to mention the reputation of your business. Before signing on the dotted line, it’s important to know what to look for in a merchant services provider to ensure that you and your customers will be protected.
The first thing that genuine merchant account providers must have is PCI-DSS compliance. PCI-DSS stands for “payment card industry data security standards”—a set of 15 security standards established by a coalition formed by the major card brands: Visa, MasterCard, Discover, American Express and JCB International.
While the standards themselves involve some very high-tech solutions, they cover things like:
- Secure card production
- PIN security
- End-to-end encryption
- Digital barriers to cardholder information, such as passwords
- Physical barriers to cardholder information, including locked filing cabinets and restricted employee access
Any merchant account provider that provides a payment gateway must ensure PCI compliance to keep your and your customer’s card information safe. Data breaches that occur in businesses that are not PCI compliant can cost €500,000 per incident, so every business owner should be thorough in making sure that their merchant service provider offers a PCI-compliant gateway that keeps customer card information off the e-commerce website itself.
Fees for PCI Compliance
Merchant service providers often charge an annual fee for PCI compliance or may build the cost into their monthly fees or per-transaction fees. Either way, this cost is necessary for ensuring secure online payments on your site.
SHA-256 SSL Encryption
One of the security standards mentioned was end-to-end encryption. What this means is that all customer card information is tokenised and the token (rather than the actual card number) is used to make the payment.
Merchant services providers who offer up-to-date credit card processing generally use SHA-256 SSL encryption, which is the most recent secure hashing algorithm and can’t be unjumbled or reversed even by the most advanced supercomputer.
How SHA-256 SSL Encryption Works
When a customer completes a debit or credit card payment on your website, every piece of information is scrambled or “hashed” into a 256-bit string of letters and numbers before it’s sent through the credit card processing network. This prevents hackers from intercepting transactions and stealing customers’ credit card numbers.
Advanced Fraud Scrub
Even with end-to-end encryption, criminals can still commit payment fraud using stolen credit cards, stolen customer accounts and credit card numbers that they obtained on the dark web. That’s why it’s essential to choose a merchant services provider that offers advanced fraud scrub software for payment processing.
While most payment service providers offer some kind of fraud scrub, the best merchant account providers offer a fraud scrub that’s customisable and adjustable. That means that rather than blocking transactions outright (or freezing your account without warning), suspicious transactions are flagged for review and you can decide on a case-by-case basis which ones to accept and which ones to reject.
For example, let’s say your fraud scrub blocked every transaction:
- From high-risk countries
- Where the billing and shipping addresses didn’t match
- With an IP address that didn’t match the shipping address
- With a value over €100
- With repeated items
You would probably block a large number of fraudulent transactions, but you’d also miss:
- Orders from loyal customers who are on holiday abroad
- Orders from trustworthy B2C and B2B contacts outside of Europe, Oceania and North America
- Large orders ahead of Christmas and the back-to-school rush
- Orders being purchased as a gift
In contrast, with a customisable and adjustable fraud scrub, you can:
- Raise the maximum order value ahead of a sale or busy period
- Approve international transactions from specific trusted customers
- Block transactions from card numbers and IP addresses that are known to be fraudulent
- Put certain transactions on hold until you have been able to ask the customers for additional verification
Chargebacks occur when a customer forces a refund through their card-issuing bank instead of going through the proper channels. Sometimes this happens because of a merchant error (such as double-charging), when the items aren’t received or when a refund isn’t issued promptly.
Other times, customers falsely claim that items weren’t received and force a chargeback while keeping the goods. This pattern of behaviour—known as “friendly fraud”—is on the rise. In the first quarter of 2022, “consumer abuse” was up 150% compared to rates before the pandemic.
In both cases, chargebacks are expensive for merchants and, if there are too many, the business owner could be placed on a high-risk merchant account or even have their merchant account terminated.
That’s why secure merchant accounts offer a variety of chargeback protection tools to identify chargeback attempts and block them before they occur. Unicorn Payment, for example, has a powerful dashboard and proprietary database that helps merchants identify chargeback attempts. Merchants can then contact the customer directly to seek a resolution.
No Hidden Fees
In addition to protecting merchants from outside threats, a secure merchant services provider will also be one that doesn’t rob its merchants in the form of hidden fees.
Things to watch out for include:
- Long contract terms with hefty early termination fees
- High setup fees
- A fee structure that isn’t clearly explained
- Processing fees in the written contract that are higher than the fees discussed
- Rises in processing fees without prior communication
Before signing a contract with a merchant services provider, review the terms carefully to make sure they are the same as what you discussed and that fixed fees and percentage fees are clearly outlined for credit card payments, debit card payments, cross-border payments and any other kinds of payments you process regularly. If there is also a monthly fee, ask whether this can be waived if you maintain a certain minimum monthly processing volume.
Excellent Customer Service
In case anything goes wrong, you need to know that your merchant account provider is there and ready to resolve the issue straight away. Ideally, your merchant account provider will offer:
- 24/7 customer service
- A range of contact methods, including live chat, calls and email
- A designated customer service representative for your business
- Support in all of the countries where your business operates
Finally, the most reliable way to find the best merchant service provider in terms of security features, merchant account services, processing fees and customer support is to read independent client reviews and ask for client referrals from the provider.
Merchant services providers that are legitimate should have dozens, hundreds or even thousands of satisfied clients and should also be more than happy to provide you with reassurance in the form of client referrals.
Due Diligence Pays Off
When looking for secure merchant services for your business, putting in the time to research providers at the start will pay off huge dividends in the end. With the right provider, you can save yourself thousands of Euros and headaches related to fraud, chargebacks and data breaches and ensure that your account—and business—remain in good standing.
Above all, look for a merchant services provider that offers:
- PCI compliance (for the gateway and your e-commerce website)
- Secure end-to-end encryption
- Fraud protection tools
- Chargeback mitigation tools
- Fair, transparent pricing
- Comprehensive customer support
- A wealth of positive client reviews
Get all of that right, and you’ll know that your money and your customers’ cards are in the best possible hands.