Merchant Accounts

April 26, 2010

Store owners frequently email in to ask just how they go about receiving money from their customers.  Here’s the skinny:

PAYPAL/WORLDPAY/2CHECKOUT/GOOGLE CHECKOUT

Many online stores start out with a service like PayPal or Google Checkout to receive payments. With those services it’s relatively easy to set up an account for your business and start receiving money.  These services have the advantage of being quick to set up, with no long-term contracts and minimal (if any) sign up fees or monthly fees.  When using any of these third-party processing services, the customer is forced to leave your website to complete a payment – you lose control over the purchasing process and can’t always troubleshoot if something goes wrong.  Occasionally communication between the processor and your shopping cart software can be delayed or fail completely, meaning orders are not processed in a timely manner.  While I see the use for these services for a new business or one that does not process a large volume of credit cards, as a business grows they should upgrade.

STEPPING UP

So where do you go? It’s time to get your own merchant account. If you live in a state with open records you’ll get inundated with sales calls and letters as soon as you register your business. Most (but not all) of these will be absurdly expensive. Do your research and find the one that fits your business. What fits one business won’t necessarily fit another.  Ask other business owners for recommendations of who to use and who to avoid.  Consider a local provider or the bank that holds your checking account, but compare prices carefully!

HOW IT WORKS

With PayPal, all received payments are sent to your PayPal account where you must manually go do something with the money (send to your bank account, pay someone else, etc). Transaction fees are deducted when the transaction is processed.  Google Checkout can automatically transfer the money to your bank account, but again the fees are all taken out before the transfer is made.

Using a standard merchant account, all of the day’s transactions are combined in a batch. When the batch is run (normally each night) the total amount is sent directly to your bank account. The EFT system can take a few days and could be slowed down by weekends or holidays, but in general deposits hit my bank account in 2-3 business days. At the end of the month your total fees are deducted from your checking account.  This difference seems very minor but can greatly streamline your accounting processes.

FEES

Processing credit cards can be expensive. You may not really think about it with PayPal since the fees come out of each transaction. However, add it all up at the end of the month – it’s not cheap. With a merchant account you can expect to pay a variety of fees:

1. Monthly statement/service fee – it doesn’t really cost that much to print and mail a statement, so many companies now call this a “service fee.” Expect to pay between $5 and $10. This is the biggest MONETARY difference between PayPal/WorldPay/2CheckOut and a merchant account.
2. Annual fees – watch out for providers who charge an annual fee on top of the monthly fee. One or the other is to be expected, but some providers do not mention the annual fee until it comes out of your checking account. Read that contract carefully!
3. Gateway fees – a monthly charge for using a gateway such as authorize.net (for online businesses only)
4. Equipment purchase/rental – your credit card machine. If your business is all online you don’t need one (use a gateway instead). Be careful of those leases, you could end up paying far too much for that machine. Don’t buy a machine from your merchant account provider. You’ll find much better prices elsewhere (try eBay).
5. Discount rate – a percentage of each transaction. Currently hovering between 2 and 2.4% for online or otherwise “high risk” businesses, much lower for physical stores.
6. Per-transaction fees – a small fee charged on every transaction. Expect between 10c and 35c.
7. Monthly Minimums – a minimum amount that your fees must reach each month. Many processors require this, they can run from $15 to $25. If you find a processor without one your other fees will likely be very high. This is not the amount that your SALES must reach – a $25 sale will count less than $1 toward that minimum. Calculating your break-even point requires some math to consider your average ticket size, average monthly volume and the various fees being charged.
8. Other fees – watch out! I’ve been charged $25 for switching the bank account where my deposits were sent. Beware the annual fee! Find out what makes a transaction non-qualified and how much the non-qualified fees are (some go as high as 5% discount rate). Consider the fraud screens.

Normally your per-transaction fees and discount rates will be lower than PayPal’s rates, but you do have to pay a monthly charge. These rates vary widely from one provider to the next! Some will charge you a high monthly fee, but a low discount rate. Some barely mark up the discount but have a large statement fee or an annual fee. Many charge you an arm for one and a leg for the other. This is where you need to do some math if you want to really get the lowest price. Figure up your average ticket size and the number of sales you have in an average month. If you’re serious about the comparing, set yourself up a spreadsheet and put in all of the different offers you receive to find what suits you best.

CONTRACTS

To the best of my knowledge, it’s a requirement of Visa that everyone have a contract. I’ve never seen one for less than 2 years, 3 years is the most common.

YOU GET WHAT YOU PAY FOR

Here at Blue Note we’ve dealt with several different credit card processors for our various clients – some great and some absolutely terrible.  Make sure you read your contract, and make sure the statements come in correctly! If you call a company on the phone and they sound like slimeballs, go with your gut and take your business elsewhere. Saving $5 on your monthly statement fee doesn’t help if you have to spend an hour on the phone making them correct it.

THE TECHNICAL SIDE
Since this is written for my clients with online stores, a short technical discussion is in order.

If you run a website, you need to use a gateway. Yes, it’s possible to simply capture someone’s card number and manually enter it into a machine. However, consider the benefits of a gateway:

1. Fraud screens – many gateways have extra checks that a terminal won’t.
2. Time – save time processing cards. When you use a gateway, the transaction is processed in real time. If the card is declined for whatever reason (address verification, typo in the card number, bad card) the customer finds out immediately and has a chance to fix it. The order is not placed until the card goes through. If you capture the card number and the card is declined you have to contact the customer, get a new card number and try it again. Time is money! It won’t take long to spend $10 in time calling customers for bad credit cards.
3. Security – don’t store card numbers in your website! It’s a huge risk. If someone finds those numbers you could be held liable for all kinds of mayhem. With a gateway nobody sees the card number except the customer and the computer.
4. Convenience – No need to file credit card slips and batch reports from your machine. No need to have a machine in the first place unless you also see customers face-to-face. All of the documentation comes in your email and you can look up transactions on the gateway’s website.

I think very highly of letting the gateway do the work. There are many out there to choose from, but I highly recommend authorize.net. I use them in my business and have set up many clients to use them. Integrating authorize.net with your website is easy, their interface is simple to use, and the price is right. I’ve worked with nearly every gateway for one client or another and none of them stack up.

BACKUPS

I’m sure you all know to keep backups of your data, but you need a backup for the gateway. All computer systems experience downtime, it’s a fact of life. Occasionally the gateways must go down for maintenance. Some have been hit with DOS attacks that took them completely offline. I highly recommend that anyone using a gateway have a backup system in place, even if it’s just as simple as capturing the card numbers and putting them in manually when the system is back up and running.

BLATANT ADVERTISING

Should you want to set up your website to accept credit cards using authorize.net, any other gateway or even manual processing, you can contact the good people at Blue Note Web Services and they’ll get you set up.

I have to write this information for two or three different clients each month, so here it is all in one place. I chose to put it on my blog so that others can write comments if they have anything useful to say.

PayPal is a pain in the neck. It’s difficult to integrate into a website and have everything work properly. I’ve spent many hours with one of my recent clients trying to get PayPal to function and charge the proper sales tax, I think the heartburn from that has convinced her to upgrade. On top of the technical difficulties, a site that accepts ONLY PayPal just screams “AMATEUR!”

So where do you go? It’s time to get your own merchant account. If you live in a state with open records (I think that’s all of them) you’ll get inundated with sales calls and letters as soon as you register your business. I’ve filed several DBAs and each of them resulted in a flood of mail. Most (but not all) of these will be absurdly expensive. Do your research and find the one that fits your business. What fits MY business won’t necessarily fit yours as we’ll soon see.

HOW IT WORKS

With PayPal, all received payments are sent to your PayPal account where you must manually go do something with the money (send to your bank account, pay someone else, etc). Transaction fees are deducted when the transaction is processed.

Compare that to a merchant account. All of the day’s transactions are combined in a batch. When the batch is run (normally each night) the total amount is sent directly to your bank account. The EFT system can take a few days and could be slowed down by weekends or holidays, but in general deposits hit my bank account in 2-3 business days. At the end of the month your total fees are deducted from your checking account.

FEES
Processing credit cards can be expensive. You may not really think about it with PayPal since the fees come out of each transaction. However, add it all up at the end of the month – it’s not cheap. With a merchant account you can expect to pay a variety of fees:

  1. Monthly statement/service fee – it doesn’t really cost that much to print and mail a statement, so many companies now call this a “service fee.” Expect to pay between $5 and $10. This is the biggest MONETARY difference between PayPal/WorldPay/2CheckOut and a merchant account.
  2. Annual fees – watch out for providers who charge an annual fee on top of the monthly fee. One or the other is to be expected, but some providers do not mention the annual fee until it comes out of your checking account. Read that contract carefully!
  3. Gateway fees – a monthly charge for using a gateway such as authorize.net (for online businesses only)
  4. Equipment purchase/rental – your credit card machine. If your business is all online you don’t need one (use a gateway instead). Be careful of those leases, you could end up paying far too much for that machine. Don’t buy a machine from your merchant account provider. You’ll find much better prices elsewhere (try eBay).
  5. Discount rate – a percentage of each transaction. Currently hovering between 2 and 2.4% for online or otherwise “high risk” businesses, much lower for physical stores.
  6. Per-transaction fees – a small fee charged on every transaction. Expect between 10c and 35c.
  7. Monthly Minimums – a minimum amount that your fees must reach each month. Many processors require this, they can run from $15 to $25. If you find a processor without one your other fees will likely be very high. This is not the amount that your SALES must reach – a $25 sale will count less than $1 toward that minimum. The last time I did the math it was going to take between $500 and $600 to make the minimum in fees. If you’re worried about making this, be sure to ask if that per-transaction fee counts as part of the minimum.
  8. Other fees – watch out! I’ve been charged $25 for switching the bank account where my deposits were sent. Beware the annual fee! Find out what makes a transaction non-qualified and how much the non-qualified fees are (some go as high as 5% discount rate). Consider the fraud screens.

Normally your per-transaction fees and discount rates will be lower than PayPal’s rates, but you do have to pay a monthly charge. These rates vary widely from one provider to the next! Some will charge you a high monthly fee, but a low discount rate. Some barely mark up the discount but have a large statement fee or an annual fee. Many charge you an arm for one and a leg for the other. This is where you need to do some math if you want to really get the lowest price. Figure up your average ticket size and the number of sales you have in an average month. If you’re serious about the comparing, set yourself up a spreadsheet and put in all of the different offers you receive to find what suits you best.

CONTRACTS

To the best of my knowledge, it’s a requirement of Visa that everyone have a contract. I’ve never seen one for less than 2 years, 3 years is the most common.

YOU GET WHAT YOU PAY FOR

I’ve dealt with some great credit card processors. I’ve also dealt with some real stinkers. I’m currently under contract with two different processors who have both caused me a great deal of grief. I did my research and I got a good deal on credit card processing – but for the first few months I was on the phone every time the statement came in making them compare my contract with the amounts I was being charged. Make sure you read your contract, and make sure the statements come in correctly! If you call a company on the phone and they sound like slimeballs, go with your gut and take your business elsewhere. When my contracts are up I’ll be doing the research again, and I’ll gladly pay an extra $5/month on that statement if I don’t have to make the monthly phone call to correct the problem.

THE TECHNICAL SIDE
Since this is written for my clients with online stores, a short technical discussion is in order.

If you run a website, you need to use a gateway. Yes, it’s possible to simply capture someone’s card number and manually enter it into a machine. However, consider the benefits of a gateway:

  1. Fraud screens – many gateways have extra checks that a terminal won’t.
  2. Time – save time processing cards. When you use a gateway, the transaction is processed in real time. If the card is declined for whatever reason (address verification, typo in the card number, bad card) the customer finds out immediately and has a chance to fix it. The order is not placed until the card goes through. If you capture the card number and the card is declined you have to get ahold of the customer, get a new card number and try it again. Time is money! It won’t take long to spend $10 in time calling customers for bad credit cards.
  3. Security – don’t store card numbers in your website! It’s a huge risk. If someone gets hold of those numbers you could be held liable for all kinds of mayhem. With a gateway nobody sees the card number except the customer and the computer.
  4. Convenience – No need to file credit card slips and batch reports from your machine. No need to have a machine in the first place unless you also see customers face-to-face. All of the documentation comes in your email and you can look up transactions on the gateway’s website.

I think very highly of letting the gateway do the work. There are many out there to choose from, but I highly recommend authorize.net. I use them in my business and have set up many clients to use them. Integrating authorize.net with your website is easy, their interface is simple to use, and the price is right. I’ve worked with nearly every gateway for one client or another and none of them stack up.

BACKUPS

I’m sure you all know to keep backups of your data, but you need a backup for the gateway. All computer systems experience downtime, it’s a fact of life. Occasionally the gateways must go down for maintenance. Some have been hit with DOS attacks that took them completely offline. I highly recommend that anyone using a gateway have a backup system in place, even if it’s just as simple as capturing the card numbers and putting them in manually when the system is back up and running.

BLATANT ADVERTISING

Should you want to set up your website to accept credit cards using authorize.net, any other gateway or even manual processing, you can contact the good people at Blue Note Web Services and they’ll get you set up.

Code Audit

April 23, 2010

Frequently we receive requests from store owners asking about the security of their site. Whether from untrustworthy programmers, hackers, out-of-date software or any other reason, Blue Note is here to help!

Depending on the circumstance, a code audit can be a quick process or an extensive task. Stores with customized code are much more difficult to examine. If your store has been hacked, we suggest also reviewing any available log files to find the attack vector and changing all passwords to prevent future attacks.

Our basic code audit service is $100 and covers the first 2 hours of work on your site. We’ll review your code for potential problems and make recommendations on any necessary updates or repairs to your site to prevent future attacks (billed separately). Highly customized stores may be billed at a higher rate.

Contact us today to schedule your audit! When you’re ready to begin, click the button below to make your down payment.

Change your osCommerce admin password

December 6, 2009

One of the most common email requests I receive is changing an osCommerce admin password.  Unfortunately there have been several different versions of osCommerce with different admin panel protection schemes, as well as a few different add-ons from other coders, each with a different method of maintaining passwords.  This post will cover the most common.

What sort of password prompt do you see when logging in to your admin screen?  The most common would look something like this:

Password prompt

99% of the time, this password prompt is being generated by the server.  You will need to contact your server administrator or web host to find out how to change it.  There is a contribution available for older versions of osCommerce that uses PHP to generate the same sort of password prompt.  If you have this contribution installed, your password is hard-coded in the file admin/includes/configure.php.  Be careful editing this file!  If you don’t know what you’re doing, you can break your entire admin panel!

Newer versions of osCommerce have PHP-based password protection in place.  The standard password prompt looks something like this:

password prompt

If you have this sort of password prompt, changing your password is very easy!  Log in to osCommerce using any current admin username and password.  Once you’re logged in, click the “Configuration” box in the left-hand column, then click “Administrators.”  Select the admin user you want to change and click “edit.”  Enter the new password, new username if you choose, save and you’re done!

screen3

Next question – what to do if you’ve LOST your username or password?

Resetting an .htaccess password is accomplished through your web host.  If your site uses the newer osCommerce PHP-based authentication and you’ve lost your password, resetting it requires editing the values in the database – which is outside of the scope of this post.

If you’re not comfortable handling a password reset on your own, Blue Note offers password reset services for $25.  This service requires that you have your hosting control panel password – if you don’t, contact your host and have it reset.  Contact Blue Note Web Services for more information.

Welcome to the new site!

December 4, 2009

Hey!  It’s different!

We’ve switched bluenoteweb.com to WordPress – a much more stable, easy to use platform than our old site.  Most of the content has moved over, but some links may be broken – we apologize!  If you find something we’ve missed, please don’t hesitate to let us know using the contact form.