02/23/2022
Business owners, school administrators, and managers tend to be perceptive and discerning consumers. That’s understandable since you routinely evaluate the many products and services needed to keep your school or organization running smoothly. One of the services that you undoubtedly will require is the ability to take credit card payments online for registrations, membership, donations or other purchases.
Credit card processing and in particular method in which the fees and costs are calculated is often a misunderstood process with many moving parts making it difficult to fully understand the deal that you are getting or the costs that you will incur. Additional considerations surrounding credit card processing for schools and nonprofits is the security of your customers and constituents’ data and the ability to prevent fraud from occurring.
Accepting credit cards enables you to get paid faster than waiting for checks or other forms of payment. To do this means that you’ll need to utilize a credit card processing company or partner with a software provider who can assist you with this as part of the registration and membership software services being provided. You don’t need to become an expert, but you’ll be a better consumer if you know how credit card processing online though a gateway works and how the fees involved are structured as this can be confusing with some processors.
To understand how payments processing works, we’ll start by looking at the different vocabulary, actors, and their roles within this process.
Who are the actors in a credit and debit card transactions and what are some of the terms I should know?
A “cardholder” obtains a credit or debit card from an issuing bank, uses the account to pay for goods or services. This would be your direct customer, member, donor, or student or their parent / guardian or employer.
A “merchant” is any type of business that accepts card payments in exchange for goods or services such as class tuition or membership fees. This is your role within the process.
A “merchant bank” establishes and maintains merchant accounts. Merchant banks allow merchants to accept deposits from credit and debit card payments. This might be B of A, Trans First, FirstData, Wells Fargo or another bank.
The “acquirer”, also known as the acquiring or merchant bank, is the financial institution that maintains a merchant’s account in order to accept credit cards. The acquirer settles card transactions for a merchant into their account. Sometimes the payment processor and the acquirer are one and the same.
“Payment processors” are companies that process credit and debit card transactions. Payment processors connect merchants, merchant banks, card networks and others to make card payments possible. There are many payment processors each with their own fees and rates and with differing levels of service and functionality being offered.
A payment processor manages the credit card transaction process by acting as the mediator between the merchant and the financial institutions involved. A processor can authorize credit card transactions and works to ensure merchants get paid on time by facilitating the transfer of funds. Some payment processing services provide equipment for card acceptance, security solutions, PCI compliance assistance, customer support, and other value-added payment processing services.
“Issuing banks” are the banks, credit unions, and other financial institutions that issue debit and credit cards to cardholders through the card associations. The issuer, or issuing bank, is the cardholder’s bank, which is responsible for paying the acquirer (and subsequently you the merchant) for approved credit card transactions and collecting payment from cardholders.
“Card associations” include Visa, Mastercard, Discover and American Express. The card associations set interchange rates and qualification guidelines, and act as the arbiter between issuing banks and acquiring banks among other vital functions.
“PCI compliance” refers to compliance with the PCI DSS, the Payment Card Industry Data Security Standard. PCI DSS is an information security standard that applies to all entities involved in processing, storing, and/or transmitting payment card information. Any merchant that accepts card payments must comply with PCI mandates. Failure to achieve and maintain PCI compliance can leave a merchant vulnerable to a data breach and the ensuing negative fallout including fines, fees, and lost business.
PCI compliance is complex and depends on various factors. Some payment processors offer PCI compliance tools and assistance to their merchants. The type of offerings can include security check-lists, hands-on help, breach coverage, and more. Because PCI mandates are updated regularly, it’s a good idea to work with an experienced payment processor and a registration, donor, and membership management software service provider that offers a complete PCI compliance assistance program and is up to date on the latest technologies available to protect your business or organization and your customers data.
You can learn more about PCI Compliance in our PCI Compliance – What You Need to Know article.
“EMV chip cards” have become more commonplace since the fraud chargeback liability shift that took place in October 2015. The liability shift placed new responsibilities on merchants for card-present fraud. Basically, if a business processes a chip card without using an EMV-enabled terminal, it could be held responsible for any fraud that results.
EMV is not a mandate like PCI (e.g. merchants will not be fined for not using an EMV-enabled device). But it is a necessity for merchants in reducing their fraud and chargeback rates for card-present transactions in some instances. It’s important to note, however, that EMV does not protect against a data breach— that’s where PCI comes in. So be sure to ask your payment processor about both EMV and PCI compliance solutions.
What does credit card processing look like in motion?
Credit card processing works in three distinct processes:
- Authorization
- Settlement
- Funding
Let’s examine each of these areas starting at the beginning of the transaction with the “authorization” process.
- The cardholder presents their card by entering number for their online credit card payment to a merchant in exchange for goods or services, perhaps membership, tuition fees, or donations.
- The merchant sends a request for payment authorization to the payment processor. This will often be a component of your website or registration and membership software system.
- The payment processor submits transactions to the appropriate card association, eventually reaching the issuing bank.
- Authorization requests are made to the issuing bank, including parameters like CVV, AVS validation and expiration date.
- The issuing bank approves or declines the transaction. Transactions can be declined for insufficient funds or available credit, if the cardholder’s account has been closed or expired, if a payment is past due or other factors. Sometimes cards are declined due to fraud alerts based upon incorrect addresses (See Address Verification Services later in this article) or suspicious transactions such as the same amount being processed in sequence by the same merchant for the same service or fee.
- The issuing bank then sends the approval (or denial) status back along the line to the card association, merchant bank and finally to the merchant.
That’s the credit card authorization process. The card authorization process takes only a matter of seconds in most cases but is the basis for everything to come.
Next in line is the “credit card settlement and funding processes”. This part is essentially how you the merchant gets paid from the credit cards you accept for your classes, memberships, donations, etc.
- Merchants send batches of authorized transactions to their payment processor. This takes place in many cases once per day and it is important to know the schedule on which the batch is sent as reconciliation of your statements will be much easier if you are aware of this schedule. For example, transactions authorized on Monday may not be batched until Tuesday morning at say 1:00 AM making them have a settlement date 1 day after the actual authorization which is what your registration software would likely have initially captured in most cases.
- The payment processor passes transaction details to the card associations that communicate the appropriate debits with the issuing banks in their network.
- The issuing bank charges the cardholder’s account for the amount of the transactions.
- The issuing bank then transfers appropriate funds for the transactions to the merchant bank, minus interchange fees. We will discuss interchange fees a little later.
- The merchant bank deposits funds into the merchant account.
The settlement and funding processes that used to take days are now almost always handled overnight, helping merchants get paid quickly, often within 24 to 48 hours with some payment processors.
Address Verification to improve online payment security
Every U.S. merchant who has accepted a credit or debit card over the past few years should be well aware of the shift to EMV chip cards that took place in October 2015. Now when customers make an in-store purchase, they most likely insert cards into a POS terminal, rather than swipe in a magnetic stripe reader.
While that change has helped to protect card present purchases, card not present fraud in the US is on the rise. That means online purchases are more vulnerable today than ever before. And it just so happens that the US leads eCommerce worldwide with 77% of US merchants selling online.
So, how can eCommerce merchants reduce the risk of credit card fraud for their customers and their businesses? A comprehensive fraud and chargeback prevention system should include using the Address Verification Service (also known as AVS).
AVS and CVV: How do they help reduce credit card fraud?
Customers might feel like they’re getting the third degree when it comes to making a purchase online, with more and more merchants requiring the credit card number, name on the card, Card Verification Value (CVV) code and, on top of that, zip code and/or full address. However, this extra information is for the sake of customers and merchants alike, because address verification can help to validate a credit card purchase.
When a card is not present, a verified address helps to increase the chances that the customer is the actual cardholder. In fact, AVS helps add an extra layer of security.
Card Verification Value (CVV or CVV2) are the last three numbers on the back of a credit card or debit card. This number should never be written down or stored for any of your customers as it is a violation of the PCI DSS discussed earlier.
AVS is a numeric address verification system that matches customer information with the information on file with the card issuer.
Address Verification: Three examples of how it helps––or doesn’t
Say, for instance, a cyber thief has stolen Tom’s credit card information by some means, such as hacking into a company’s data. That thief may have obtained Tom’s full name, his credit card number, and possibly even a CVV code. But the criminal probably does not have the address linked to Tom’s credit card account. Only the true cardholder would have that information. Without an address, a merchant can choose to not authorize a purchase with that card.
Let’s say another customer, Jessica, has forgotten her credit card on the checkout counter of a store, and someone picks up her card with the intent to try and use it for an online, card-not-present purchase. That thief now has an actual card with a CVV code on back, but not an address. Again, if the online merchant requires address verification for a credit card transaction, it will prevent a fraudulent purchase and most likely a chargeback.
In this next unfortunate instance, Dan dropped his wallet which held all of his credit cards, as well as his driver’s license. A not-so-innocent bystander picks it up and goes online to buy a new TV. The merchant requires the CVV code, plus address verification, both of which the thief has with the credit cards and driver’s license in hand. There’s not much a merchant can do to prevent a fraudulent purchase in this case, but he is more likely to possibly win a chargeback dispute because he did use the AVS system.
Ultimately, while AVS is not a perfect system, is does add a valuable, extra layer of security, particularly for card-not-present online purchases, one that protects both merchants and consumers. For that reason, online merchants are wise to use AVS as an extra security measure, and it’s worth the extra few seconds it takes to verify every customer’s address for online purchases.
How AVS works: it’s all in the numbers
AVS verifies the numeric portion of a cardholder’s address. For instance, if John Doe is making a purchase and plugs in his address as 4031 Main Street, Anytown, Illinois, 61133, the AVS will compare the numbers 4031 and/or 61133 with the address on file with the card issuer. The merchant is notified as to whether the numbers match or not, helping the merchant to make the wisest decision possible about authorizing a transaction.
AVS is one of the most widely used forms of fraud prevention for card-not-present purchases. Card associations or brands (for example, Mastercard, Visa, American Express) determine the rules and circumstances for banks and merchants when it comes to fraud and chargeback disputes. The associations favor merchants who use AVS, and a merchant is better protected when fraud disputes arise––and they will.
When a merchant makes sure to use AVS and receives a “full match” response, meaning the street address number and zip code the customer uses matches the numbers of the card issuer, it greatly reduces (but doesn’t eliminate) the merchant’s risk of a chargeback.
Without a positive AVS response, card-not-present merchants have fewer dispute rights. In addition, due to the extra security, merchants who process VISA transactions using AVS are given incentives such as better interchange rates and fees than those who do not. Depending upon your selected settings, AVS can sometimes create an increase in inaccurate fraud responses to valid card transactions. This makes it important to balance the level of your selected AVS verification settings so that these selections are complimentary to your business, customers, members, and donors.
Common AVS response codes and what they mean to a merchant
When a merchant requests an AVS check on a transaction, the service automatically responds with a code that signifies how well the customer numbers entered match up with the address in the card issuer’s files. The resulting AVS code could be anywhere from a full match to a partial match to no match. And, based on that info, the merchant can make the decision whether to approve the purchase or decline it.
Following are some common AVS response codes, according to JPMorgan Chase, and how they relate to particular credit card associations:
Code | Visa | MasterCard | Discover | American Express |
Y | Address & 5-digit or 9-digit ZIP match | Address & 5-digit ZIP match | Address only matches | Address & ZIP match |
A | Address matches, ZIP does not | Address matches, ZIP does not | Address & 5-digit ZIP match | Address only matches |
R | System unavailable, retry | System unavailable, retry | Not applicable | System unavailable, retry |
U | Information not available | Information not available | System unavailable, retry | Information not available |
Z | Either 5-digit or 9-digit ZIP match, address does not | 5-digit ZIP matches, address does not | 5-digit ZIP matches, address does not | ZIP code only matches |
N | Neither ZIP nor address match | Neither ZIP nor address match | Neither ZIP nor address match | Neither ZIP nor address match |
How a merchant should use AVS
AVS applies to payments using VISA, Mastercard, American Express, and Discover cards. A merchant using AVS should follow these steps:
For in person or phone transactions ask the customer for the billing address as it appears on his/her monthly statement.
Submit the required numeric portions of the address with the authorization request.
Dig a bit deeper into all AVS partial matches. A “partial match” indicates that the billing address being compared has the same ZIP code or the same numeric values in the street address, but not both. A “no match” response indicates that neither part of the billing address matches the card issuer data.
Evaluate AVS “no match” responses carefully, as they are typically a strong indicator of fraud––but not necessarily. It’s a signal that the merchant should take further steps to authenticate the order.
A “no match” response does not automatically result in the authorization being declined. Again, a little digging may prove the purchase is valid.
If you suspect fraud, it’s not always the case
Not every “no match” response is fraudulent. The AVS provides information, and the merchant must make the decisions. Often, it’s worth the time to follow-up and get more information before declining a purchase.
“Neither ZIP nor address match”
This AVS response is a strong indicator of fraud, but in reality, it could be a legitimate purchase. For example, a customer may have recently moved but has not yet notified his bank. You could follow-up by:
Calling the customer to verify the telephone number, billing address and home address.
Contacting the cardholder’s issuer to determine whether the name, address and telephone number match those in the issuer’s file
Using directory assistance or internet search tools to contact the individual at the billing address and confirm that he or she initiated the transaction
“AVS Service not supported by issuer”
This is a typical response to an international order, which AVS data does not support. One solution might be to fax a credit card slip to the consumer, requesting a faxed signature to verify the order, or to ask for a scanned signature by email. This may not be the most cost-effective means for all international orders, so a dollar threshold could be established to determine what level of risk you’re willing to accept.
What’s involved on the AVS side of authentication
When your customer, students, or members enter an address during checkout and clicks Submit, the following happens:
- Your payment gateway transmits the numeric address data to the customer’s credit card brand (Visa, Mastercard, Discover or American Express)
- The credit card brand then sends this information to the issuer
- The issuer compares the address numbers with the numbers stored on file
- The issuer then sends an authorization status and associated AVS response code to your payment gateway
This process takes only a few seconds and is invisible to your customers.
AVS is just one layer in a multi-layered fraud protection system
AVS authentication is one part of a multilayered fraud protection system to help ensure that valid transactions are approved, and those deemed suspicious are declined. AVS is not a guaranteed fraud prevention solution. Your payment gateway or payment processor should have other fraud protection layers in place, including PCI compliance and tokenization and this should also be supported by the registration, member management, and donor management software service provider you choose.
It’s best to discuss data security measures with your software provider, payment processor, card association, merchant account and bank. In the end, online merchants accepting card-not-present payments are vulnerable. Being extra cautious and discerning will better protect your customers and your business.
Interchange fees explained
Confused by how interchange fees are calculated? Learn how interchange rates work for different credit and debit cards and how they vary from country to country.
After every credit or debit card transaction, businesses need to pay an interchange fee, also known as an interchange reimbursement fee or interchange rate. Many variables can affect the fee amount, and it can be difficult to determine how much the charges will be.
Let’s walk through the factors that impact interchange fees, where you can find the most up-to-date interchange rates, and the regulations that exist to ensure you’re paying a fair price.
What are interchange fees?
Every time a transaction is made via a card scheme (Visa, Mastercard, etc.), the acquirer pays the cardholder’s bank an interchange fee. The business then pays the interchange fee back as part of its card processing fees.
Payment card processing comes with three fees:
Acquirer markup: Charged by the acquirer for acquiring the funds from your shopper
Card scheme fees: Charged by the card scheme for using its network
Interchange fee: Charged by the cardholder’s bank
Interchange fees make up the most significant chunk of card processing fees.
How much are interchange fees?
On average, interchange fees are around 0.3-0.4% of the transaction amount in Europe and 2% in the US.
Card schemes determine interchange fees and are non-negotiable. They are also regularly adjusted. For example, Visa and Mastercard publish new rates in April and October every year.
The most accurate and up-to-date way to find the current rates is to check the card scheme’s website. Below you can find the interchange rates for Visa and Mastercard in different regions:
Visa interchange rates: EU, US, SG, AU, IN
Mastercard interchange rates: EU, US, AU
Some card networks, including American Express and Discover, work slightly differently to Visa and Mastercard and don’t publish their rates online.
How interchange fees are calculated
Many factors influence the interchange fee amount. Here are the key ones to be aware of and how they affect the amount you’re charged:
Card scheme
Different card schemes charge different interchange rates. So the cost of a customer paying with a Visa card won’t be the same as with a Mastercard.
Card-present vs. card-not-present
Card-present (CP) transactions, also known as face-to-face transactions, have lower interchange fees than card-not-present (CNP) transactions. This is because the risk of fraud is lower when the customer’s card is physically present.
Credit vs. debit cards
Credit and deferred debit cards have higher interchange fees than immediate debit and prepaid cards as the level of risk is considered higher.
Merchant category code (MCC)
Your assigned MCC can affect your interchange fees. For example, in the US and Australia, Visa and Mastercard grant lower rates to businesses like charities, travel agents, streaming services, and utilities.
Consumer vs. commercial
Commercial cards charge higher interchange fees than those issued to an individual.
Transaction regionality
Domestic transactions, where the card-issuing bank is in the same country as the business, are generally cheaper than cross-border transactions.
Rewards cards
If a customer uses a rewards card to pay, the interchange fees are generally higher. This is because the increased fees pay for the extras offered by rewards programs.
Can you control any of these factors?
Some of the factors above you can influence, but others you can’t change. For instance, if you convinced your customers to buy more in-store than online, you could reduce your interchange fees.
When it comes to your MCC, however, you have no control. Your MCC is assigned to you and is dependent on the type of business you have.
Lowering your interchange fees may not result in more profit. By limiting your customers’ choices, you could deter them from purchasing from your business.
Learn how to cut your interchange fees with Level 2/3 data
Interchange++ vs. Blended pricing
Interchange++ (or Interchange Plus Plus) and Blended are the most widely used pricing models for card transactions. The main difference between the two is transparency.
Interchange++ shows you a detailed breakdown of the three payment card costs mentioned earlier: the acquirer markup, card scheme fee, and interchange fee.
You only pay the interchange fee the card issuer actually charged you. As interchange fees vary depending on many factors, they can sometimes be lower than a fixed rate.
The alternative to Interchange++ is Blended pricing. The Blended model charges an average processing cost plus a fixed markup. You’re charged the same markup for every transaction, and you can’t see the split of the costs.
This makes it easy to understand, but not very transparent. And there is no guarantee your processor will share any savings with you that they made from lower interchange fees.
How interchange fees can vary per transaction
Interchange fees regulation
Traditionally, there was very little transparency into how interchange fees were calculated. Large businesses with a high volume of transactions could negotiate lower fees, while smaller firms had to pay the full amount.
Markets dominated by the large international card schemes were most vulnerable. Businesses couldn’t afford to refuse the payment methods most of their customers used.
Fortunately, recent progress has been made to standardize interchange fees, with stricter rules and fee caps introduced, and overall transparency increased.
Below is a breakdown of the fees caps across different regions:
The Durbin Amendment (US only)
This amendment, enacted in 2010, is an example of a fee cap for debit and prepaid card transactions.
The Durbin amendment is dependent on the size of the issuing bank’s assets. If the issuing bank has assets of $10bn or more, its debit and prepaid cards will be charged regulated rates. These cards are then subject to an interchange rate of 0.05% + $0.21 or 0.05% + $0.22, depending on fraud prevention policies.
European Interchange Fee Regulation
The European Economic Area (EEA) introduced interchange fee regulation in 2015. This led to the heavy regulation of interchange fees and made the EEA one of the cheapest options worldwide.
Interchange fees are capped for consumer cards in all EEA regions, making it a good place to set up an entity for cross-border transactions. The caps are roughly as follows but may have changed following the writing of this article:
Regionality caps | Debit | Credit |
Domestic | 0.20% | 0.30% |
Intra-regional | 0.20% | 0.30% |
Interregional card-present | 0.20% | 0.30% |
Interregional card-not-present | 1.15% | 1.50% |
How to accept credit cards
Now that you know a few of the important payment processing terms and the flow of transaction and how security and fraud may be assessed, it’s time to be sure you’re working with the right payment processor for your organization.
Setting up your organization to accept credit and debit cards is easier than you might think.
It’s your organization, your members and customers, and your money. You should get to decide how to approach credit card processing. You care about your customers, and that means making payments easy. So find a reputable partner that also cares about making payments easy, safe and convenient for your members , students, and donors.
Simple steps to processing card payments
The best place to start is to find registration, donor, and member management solution that fits your needs from a business process perspective. Then look at the payment options they can provide. Also known as a payment processor option, these companies enable the technology that allows you to accept credit and debit cards. Credit card processors often offer a host of other services that help your business grow, leading many businesses to call their credit card processors, trusted payment partners. While ProClass does support many of the more common gateways such as Authorize.net, CyberSouce, Touchnet, CashNet, NelNet, Sage, Elavon, and others, ProClass also provides a simple cost effective solution called ProClassPay that integrates a more complete set of payment features with enhanced security and capabilities while providing a very simple and competitive fee structure.
Next, decide how you’ll want to accept payments. For taking payments in person, you’ll need a payment acceptance device. Your credit card processor can work with you to select the equipment that works best for your business. From credit card terminals to fully integrated point of sale systems, there’s a solution for every business and every budget.
If you’re jumping into the world of eCommerce, you’ll need a website gateway. There are a host of reputable gateway services, often included within broader eCommerce platform services. Find a solution that fits your business, and make sure they offer flexibility to connect with the payment processor of your choice. With ProClassPay this is all taken care of with no monthly fees or confusing pricing structures.
It’s all up to you. A good processor can work with you no matter where you are in the decision making process, what requirements you have and what your goal is.
Take payments, wherever you do business
No matter how unique or sophisticated your business is, setting up payments can still be simple. There’s a perfect credit card solution out there for you and you don’t have to look far to find it. Today, you can take payments virtually anywhere:
In store: accept in-person payments to serve your customers face-to-face
Online and in-application: accept card-not-present payments through your registration website or administrative software.
Accepting payments should be easy, no matter where you’re doing business. Simple payment processing works where and when you want it to.
Take advantage of smart payment features
A smart solution does the work for you. You don’t have to know everything about accepting credit card payments and the equipment you need. A smart solution has:
Reliable transaction service: The service is dependable, has back up protection, and it’s easy to get help when needed.
Management tools: Payments are one part of a larger system of connected programs that work together to help you run your business efficiently
Easy to understand fees and charges: With ProClassPay you can enjoy a single flat rate for all card types, no monthly fees and a nominal per transaction fee.
You know your business inside and out. You don’t need to be an expert in credit cards too. Payments should make your business operations work smarter, not harder.
5 tips to start accepting payments right away
You know you want to accept credit cards, so how do you make that happen as fast and pain free as possible? Here are some things you can do to speed up the process.
Ask for recommendations. Talk to your software service provider or other business connections you have. Perform research on your own. This can help you narrow things down to a handful of leads.
Make calls to compare providers. Once you have some providers to examine further, check out their websites to get a feel for their service offerings.
Have your current credit card processing statement and other business information ready. A credit card processing professional or account representative with you registration and member management software service can look at your statement and give you informed information and quotes.
Think about how you’ll be doing business. How many customers do you expect to serve per day? What will your average ticket be? Will you offer online sales as well as in-person transactions? What might that mix look like?
Return your fully completed application quickly to speed up the process. Make sure you have all of your information handy when you call to speak with a credit card processor: any DBA name, your business bank account information or a voided check, your social security number, and complete contact information for you and any other account managers.
To learn more about how ProClass can assist you with taking secure online and in person payments via credit or debit card for your classes, camps, memberships, donations and other products and services contact us today. ProClass is PCI DSS compliant and employs all of the security standards you need to be secure and confident in your payment processing. You can reach us on this website by clicking on the link here Contact Us Today or by calling us toll free direct at 866-321-3766.