Default HubSpot Blog

Current Articles | RSS Feed RSS Feed

Which merchant account type is right for your business? | We explain

Posted by Alex Neir on Mon, March 12, 2012 @ 02:26 PM
Merchant Account Types

When considering opening a merchant account it is important to understand that there are a few different merchant account types that your business can qualify for. The type of merchant account that is right for your business will depend on how you are accepting credit cards.

There are essentially two types of accounts that are offered, a swipe account or a keyed account. We will discuss both.

Swiped Account / Retail Account

This account type is set up for establishments that conduct business face to face and transact credit cards via swiping the credit card through a credit card terminal.  The approval criteria for a swiped merchant account states that 80% or more of your credit card transactions must be swiped through a terminal. The transaction fees associated with a swiped account are the lowest available. The rates are lower for this account type due to the fact that occurrences of fraud are typically lower when the customer has to present the credit card in person. More information on protecting your business from fraud.

Keyed Account (Internet Accounts, Mail Orders, Telephone Orders, Fax Orders)

Keyed merchant accounts are set up for establishments that do not conduct business face to face. This account type is set up for situations where the credit card information is keyed or typed into a terminal, virtual terminal or website. This type of account represents a higher degree of risk for the processing bank. This is due to the fact that the identity of the customer completing the order cannot be guaranteed.  The transactional rates for a keyed account will be slightly higher because of the increased risk of potential fraud. When accepting orders with keyed merchant account it is important to gather as much information as possible to verify the credit card information matches the information on file with the bank that issued the credit card. It is customary to gather the following at the very minimum:

  • Credit Card Number
  • Expiration Date
  • Billing Zip Code
  • CVV Code

If your business operates in an industry that has a greater degree of fraud attempts if might be advantageous to take advantage of additional fraud prevention tools

Tags: Merchant Account Types, Merchant Account Fraud, Merchant Account Education

Merchant Account Fraud – 3 ways to protect your business

Posted by Alex Neir on Thu, December 01, 2011 @ 03:33 PM
Merchant Account Fraud Protection

With the proliferation of the digital era more and more businesses are seeking the ease and convenience of the internet to increase sales. Unfortunately, the criminally minded have seen this as a giant opportunity to maliciously profit from unsuspecting businesses. As a business utilizing the internet as a sales channel how do you protect against potential losses from such criminals?

The answer is a fraud detection solution.  

Most fraud detection solutions are based on a management utility that allows merchants to configure extensive filters to help in detecting fraud and screening suspicious transactions. The combination of an extensive reporting system gives merchants a quick and easy way to review transactions, block suspicious activity, and zero in on malicious users.

3 ways to protect your business from merchant account fraud utilizing a fraud detection solution.

  1. Thresholds – Allows your business to set specific parameters for detecting fraud
  2. User bans – Ban specific users by IP address, credit card number, country, etc
  3. Exceptions – Set specific exceptions to make sure you don’t exclude legitimate customers

Merchant defined thresholds

Thresholds let your business define rules that are applied to each order as it is processed. Rules can be simple to complex and can apply in sequence. For example you can define a dollar limit for a specific order, total for the day or week. You can also set up limits for the number of orders in a given day or week.  Limits can be linked to a specific IP address or credit card number. Additional features allow for limits to be set for the number of credit card numbers that can be used. This eliminates criminals from testing cards for approval. Once your specific rules have been configured you can set the system to flag the transactions for review of decline them immediately.

Merchant defined user bans

In addition to dynamic transaction review, static user bans are effective at eliminating known threats. For example if your business is experiencing repeated fraud attempts from a single IP address or band of IP addresses you are able to configure a specific rule to eliminate the threat. You are also able to ban specific credit cards numbers or bank bin numbers to eliminate credit cards from a suspicious bank. Known problematic geographic regions can also be banned. 

Merchant defined exceptions

With any good fraud detection solution there will always be exceptions to the rules you establish. A proper fraud management solution should allow for specific overrides to be defined making sure legitimate customers are not prevented from a successful purchase.

Click me

Tags: Online Fraud Protection, Merchant Account Fraud, Fraud Reduction

A $50,000 transaction, should you run it?

Posted by Alex Neir on Tue, November 09, 2010 @ 12:57 PM
Risky Credit Card Transaction

When you signed up for your merchant account you specified your average transaction amount, your high transaction amount and your estimated monthly sales volume. These values were used during the underwriting phase of your account acceptance and represent the soft limits for your account. Most processors won’t have a problem if you exceed any one of these by a nominal amount. On the other hand if you exceed any one of them by an excessive amount you are raising a red flag with your processor.

Now should you run a $50,000 transaction with your merchant account? The question would be – did you specify a high ticket amount of $50,000 or more when you completed your application? Typically when a new merchant account is set up the business owner will estimate what they think the volume, average ticket and high ticket will be. It is always a good idea to exaggerate the values to approx double, ever triple the expected amount. This is a good practice to allow for expected growth of the business.

With regard to our $50,000 transaction, if your normal transaction size is $30,000 and your high ticket amount is $45,000 then you will likely have little problem with an amount slightly above at $50,000. Now if your average transaction is $35 and you high ticket amount is $500, then running a $50,000 transaction is a very bad idea. This transaction represents a great deal of risk for a business that is averaging $35 per transaction, both for the business and the processor.

Why is that a risk?

The risk of the transaction lies in the likelihood of fraud or a chargeback. This risk is substantial to your processor because if you commit fraud or have a large number of chargebacks with the inability to pay for them then the processor is stuck with the bill. Situations like these are handled differently with each processor. Some have automated systems that will flag a transaction if its outside the specified boundaries. Others have actual humans that review each account. Some processors allow for the business to exceed their limits temporarily while others will permanently shut down the account if the limits are exceeded. Regardless of the rules with your specific processor you are pretty much guaranteed to have your batch reviewed if it exceeded your specified monthly volume limit.

Most credit card processor’s risk departments have very specific operational guidelines they adhere to.  It is very important to know that they have complete control over the money that flows though the account they have underwritten. That being said, if your account breaks the rules the consequences can be severe. Some will shut down your account and never release any funds that are in excess of the guidelines approved for your account. Some will hold the funds for extended periods of time. Others won’t tell you the funds have been held and will wait for you to call in. Once your account or funds are transferred to the risk department within your processor it can be a very long, frustrating and cumbersome process to correct.

What should you do if you absolutely have to run a larger transaction?

I always suggest you be proactive. Call you processor and tell them what you would like to do. They may approve the transaction on the spot. They may want a signed invoice authorizing the charge from you customer. They may want to see recent bank account balances for the business. The point is that if you call ahead and seek approval first you are likely to avoid a great deal of headache later.

To sum it up:

Always try to get approved for the maximum amount possible when opening your account and secondly always ask before you attempt to exceed the approved limits on your account.

Tags: Merchant Account, Merchant Account Fraud, Merchant Account Soft Limit, Risky Credit Card Transactions

Protect your business from merchant account fraud. Card Testing.

Posted by Alex Neir on Tue, October 05, 2010 @ 03:27 PM
Merchant Account Fraud
Does your business accept payments from a payment gateway or ecommerce site? What you pass back to the customer when the credit card is declined may expose your business to a new form of merchant account fraud, called card testing and end up costing you a bundle.

Maxx typically recommends making the response to the customer as vague as possible and specific as necessary. After all, the goal is to retain the customer’s order through offering helpful messaging in the case of an error. There is a very important balance here as you do not want to provide too much information making it advantageous for card testers to use your site.

Card testing fraud is a two step procedure. Step one is the practice of using a computer program to test credit card numbers until a valid card number is found. Step two is to use a similar program to then find the correct expiration date to validate the transaction.

Your merchant account and gateway charges you for every transaction regardless of weather the transaction is approved or declined. There for if your site is providing the correct information to a card tester they will typically attempt as many transactions as necessary to get a card number and expiration match. The result – hundreds, if not thousands of attempts. Depending on you’re contracted per transaction rate, this could result in substantial costs to your business.

How can you protect your business?

First, block the IP addresses for known card testers. Here is a list of the IP addresses for know card testers.

Second, develop an error messaging strategy with different responses depending on the error passed from the gateway. Again, a good practice is to be as vague as possible and specific as necessary.  

Some Examples:

General: We are terribly sorry but the card you are attempting to use has been declined. Please use an alternate credit card and submit your order again. If you are still experience difficulty please contact us directly at (800)xxx-xxxx and we’ll be happy to assist you.”


AVS mismatch, or other error: We are sorry but the address and zip code entered does not match the information on file with your credit card issuer. Please re-enter the address and zip code. If you are still experience difficulty please contact us directly at (800)xxx-xxxx and we’ll be happy to assist you.”

It is always a good idea to monitor your transaction closely to insure you are not victimized by fraud attempts. If you feel you are experiencing an abundance of merchant account fraud attempts there are numerous tools available to help mitigate credit card fraud. If you would like information on these tools please contact us at (800)917-8026.

Tags: Payment Gateway, Maxx Payment Gateway, Merchant Account Fraud