Thursday, September 24. 2009
Merchant Account Application - Quick, Easy and Painless
Many people have an aversion to filling out forms, finding the process tedious, time-consuming, and perhaps difficult. Therefore, I understand when business owners lament that they have to fill out a merchant account application as they are concerned about its potential to leave them with cramped fingers, weary eyes, or dulled brains.
Please take a deep sigh, as the standard merchant account application should not prove to be a formidable enemy. In fact, getting through an "app." should be a relative breeze as long as the kids are playing quietly in another room and one still has clarity of mind.
Applying for a merchant account necessitates disclosure -- about the business owner and his/her business. Many of the required fields are self-explanatory: Name, address, telephone number, fax, and email are some of the requested fields of information that you have to complete. Some "sensitive" information will also need to be provided, including your federal EIN number and/or social security number. (Your s.s. number will be used to run a personal credit check, and it's this score that can greatly influence whether your merchant account application will be accepted or rejected.)
You will also list your legal entity's name and its Doing Business As (DBA) name. The indicated DBA is the name which will appear on your customers' bank statements. You will also need to fill in the number of years that your business has been in existence, the nature of your business, where you run and operate your business (e.g., residence, office building, storefront, etc.), and when you intend to charge customers' credit cards and the time frame that you will deliver your products. Most apps. also ask you to disclose your return policy.
One section of the merchant account application that can lead some to scratch their heads involves trade references. Typically, merchants are asked to list one or two businesses they work in concert with -- companies that can vouch for their entity's existence. For example, an Internet-based merchant may list his/her product suppliers. Business owners (particularly true for service business owners) may not work with other businesses and can list one or two customers as a substitute. In the absence of any customers or connections to other businesses, listing the name of one's accountant or attorney may serve as a viable option.
In essence, you are creating an information-rich depiction of your business operation. Underwriters need to have a conception of your business model and about "who" you are before they can grant permission for you to obtain credit card processing capability. Remember, underwriting and risk analysts incessantly worry about potential chargebacks and must feel confident that the merchant can sustain such chargebacks. This is why one of the most important sections of the merchant account application concerns the projected processing amounts.
On the app., you will have to indicate the following figures: The anticipated monthly volume, average ticket, and highest ticket. The monthly volume is the amount in credit card processing sales that you anticipate; the average ticket is the amount that a typical customer will charge on their credit for a given transaction; and the highest ticket is the highest amount that a customer will spend for your product or service.
Of course, it is extremely difficult for a new business owner (or even a veteran business owner who has never accepted credit cards) to project such figures. However, it is always better to OVERestimate these amounts than to underestimate them, as they serve as your limits. Exceeding any of these limits may red flag a transaction. Suppose, for example, a customer charges $500 on their credit card but your highest ticket allowed is $250. Such a transaction will be held until the risk department assures that the transaction is valid and that the merchant has adequate funds in his/her bank account should the customer dispute the charge in the future. In order to avoid this type of scenario, ask for higher limits than you anticipate. (On the flip side, the greater the limits that you request, the more due diligence the underwriters perform.)
Once you complete the required fields, do not forget to scrutinize the rates page. Ensure that the fee structure quoted is properly listed on the application. There should be no discrepancies so that you can sign your name without buyer's remorse. (Please note that you may be asked to sign your name several times -- one for the Personal Guarantee section, one acknowledging that you have seen the terms and conditions, and one perhaps acknowledging that you are aware of the merchant account provider's acquiring bank.)
Although you don't want to rush through the app., even a methodical approach will not require you to devote more than an hour's time to finish it. Most customers report that it takes them about 30-40 minutes to complete it (without interruptions) -- a small time allocation to allot in order to secure a very important service. The process is very straightforward and easy, and no nightmares should be induced by any merchant account application.
Monday, September 14. 2009
The Swipe Credit Card - Processing Rules to Live By
You've just opened a new merchant account, ready to swipe your first credit card, but chances are you just skimmed your processor's terms and conditions and only have a rudimentary knowledge of the cardholding association's policies and procedures. The following "do not" guidelines should assist you en route to collecting your customer's payment via the swipe credit card, conforming to acceptable practices:
- Do not refuse to accept credit cards when a customer is averse to presenting personal identification - It may be understandable and permissible to ask a customer for personal identification, such as a driver's license, but you cannot deny use of plastic if a customer does not accommodate your request. Many states have laws prohibiting merchants from basing their decision whether to swipe a card on whether the customer presents suitable ID.
The only exception to this rule is if the credit card to be swiped is unsigned. Here, the business owner can ask for government ID and then compare the signature on the government ID with the signature that the customer will now have to provide on the back of the credit card.
- Do not require that the sale has to be a certain minimum amount to swipe the credit card. This is in violation of the cardholding association rules. Moreover, imposing maximum transaction amounts as a condition to accept plastic is also taboo.
- Do not charge a surcharge to your customers for using their plastic. While it makes sense / cents for business owners to recoup credit card processing fees, customers are not supposed to foot the bill for this expense. Of course, merchants can build such expenses into their pricing model, but they are not supposed to itemize an invoice, for example, where the customer is charged for using their credit cards.
Of interest, merchants can offer “cash discounts” to customers who pay with cash, but again, cannot penalize credit-card-wielding customers. (Some institutions, such as utility companies, may be able to charge a “convenience fee” to customers for using plastic if such businesses do not ordinarily accept credit cards. The rules and loopholes to charge convenience fees are murky, so proceed with caution if this is your intent.)
- Do not place a hold for the estimated tip when swiping a credit card. The practice of authorizing tips used to be habitual for many restaurant, hotel, and hospitality businesses and is now against Visa regulations. Too many customers became upset when their actual bill did not match the total price reflected by the merchant’s charge because it had factored in an estimated tip.
- Do not, under any circumstance, provide a refund in cash for a credit card purchase. You can easily imagine how this practice can leave you susceptible to fraud. It’s also against the cardholding associations’ stipulations.
- Do not refuse to accept rewards cards. Although there may be an additional cost to accept rewards cards, you cannot prohibit customers from using them, as long as you accept that brand. For example, if you already accept Visa and MasterCard cards, you cannot tell customers to refrain from using Visa and MasterCard rewards cards.
- Do not try to compel customers to waive their chargeback rights. According to the cardholding associations, customers have the right to dispute any given charge. You may have a customer sign and acknowledge that there are no refunds, for example, but you cannot try to convince customers that they cannot initiate chargebacks. (Of course, you would probably win a chargeback when presenting this “no refund” acknowledgement, for instance, but customers still have the right to challenge the authenticity of any transaction.)
The aforementioned “do not” rules are not exhaustive but should provide a framework for retail merchants to comply with standard regulations, and safely and properly accept any swipe credit card.
Friday, September 11. 2009
What is PCI Compliance?
I just received a call from a merchant who asked, "What is PCI compliance?" The "PCI compliance" question is becoming more and more common so I thought that I should address it again.
While we all enjoy the benefits and convenience of living and working in a high-tech era, unfortunately we must realize high tech crime comes with it. Computers and phone lines around the world are being hacked into on a daily basis and this has the major credit card companies more than just a little concerned as they’re suffering huge losses due to fraud. This is why PCI compliance was introduced to all merchants who accept credit cards as a form of payment.
PCI stands for Payment Card Industry and you will often see the letters DSS after it, which means Data Security Standard. This is a set of standards financial institutions and credit card processing companies have to comply with when facilitating credit card processing. The goal is to protect personal information and to make sure all transactions and data storage are handled securely by using a common security standard. Basically, it’s a way for the industry to regulate itself.
If banks and merchant account providers don’t comply with these standards they may be fined or could even have their credit card-selling privilege taken away. Merchants themselves must also meet the PCI compliance standards.
There are four different levels of standards that must be met, and these depend on how many annual sales you process. Level one is for merchants who handle over 6,000,000 transactions a year and level four refers to those that handle fewer than 20,000. The more transactions you process, the more security measures you must meet.
You should start off by filling out a Self-Assessment Questionnaire (SAQ) which will be sent to you with your merchant account statement. Your answers will be scrutinized by security departments and they will decide if you need to implement any further security measures.
If you process transactions via an Internet connection, then the system must undergo a security scan to make sure it can’t be compromised or hacked into. An auditor may also show up at level one merchants to make sure everything is being done according to PCI compliance.
There are several categories of PCI standards that need to be met for you to be considered as compliant.
- Your network has to be secure and the proper firewalls and other security measures need to be installed.
- Credit card holder data must be protected when it’s stored and transmitted. This means limiting access to it and possibly encrypting the information. Encryption is essential for internet transactions, and information must be encrypted with, at minimum, a 128-bit SSL certificate to meet the standard.
- A vulnerability management program should be in place. This basically means that you must ensure that you're using updated hardware, software, and operating systems. Be sure to install anti-virus software and run virus scans on a regular basis.
- Strong access control measures need to be implemented. Meeting PCI compliance means you should give access to cardholder information only to employees who need it.
- Networks should be tested and monitored on a regular basis to meet the standard. Make sure you identify and immediately fix all possible security leaks.
- An information security policy needs to be maintained. This means you should make sure all employees fully understand and know what their responsibilities are when it comes to cardholder information.
If you can meet these standards above, you’re well on the way to PCI compliance. However, things don’t usually get that involved for level four merchants and they often meet standards by using a payment gateway or merchant account provider that offers compliant services. And remember, if you don't store, transmit or process any credit card data at all, then you don’t have to meet PCI compliance.
While adhering to PCI compliance makes credit card transactions more secure for you and your customers, it doesn’t come without a cost. Because all of the security measures have been implemented by financial institutions and merchant account providers, the costs are naturally passed down to the merchants. However, you can shop around to see who offers the best deal as the price varies. Some credit card processing companies are currently waiving any PCI compliance fee.
Since PCI compliance is now a standard industry requirement for accepting credit card payments, there’s no two ways about it, you must become compliant. If you’re not sure you are, then contact your credit card processor to get all of the details as the monetary fines for not meeting the standards can be astronomical. You don't want to find out the answer to the question, "What is PCI compliance" after you're fined.












