7 Things Most Small Businesses Don’t Know About Credit Card Payment Processing

7 things to know about small business credit card payment processing

What you don’t know about payment processing could hurt your business, even when you partner with the best credit card processors.

1. You’re subject to processing fees and terms

Small businesses that accept credit cards are subject to processing fees. Credit card processing fees range from 1.7 to 2.05 percent for in-person transactions and 2.25 to 3.25 percent for card-not-present transactions.

These costs may sound minimal, but they add up, especially when applied to big-ticket items. Some payment processors add a flat fee per transaction, which impacts high purchase volume orders.

Consider the following factors to help reduce your credit card fees: 

• Decide if a flat fee or tiered pricing model is best: Consider a flat-rate provider that only charges a higher per-transaction rate and no monthly fee if you have a startup or small business with a low monthly sales volume. Consider a processor that charges a monthly fee with a lower per-transaction rate if you have a larger sales volume or need specialized services.
• Negotiate your rate: Don’t sign on the dotted line until you’re sure you have the lowest possible rate. Look for nonstandard charges, like cancellation fees, and ask your rep to remove them.

2. Card type may affect your processing fees

A credit card company’s processing fee structure may be a fixed rate or an interchange plus rate. 

Interchange plus rate: 

• A minimum transaction fee set by card brands (Visa, Mastercard, Discover and American Express)
• A percentage of the sales transaction amount, usually with a small, fixed fee per transaction 
• Rates vary by brand (Visa vs. Mastercard, for example), card type (debit vs. credit) and factors like a personal, business credit card or a rewards card.
• Credit card processors take the interchange rate and add a small markup, so processing fees for transactions of the same dollar amount vary depending on the type of card used.

Fixed-rate:

• The credit card processor charges the merchant the same percentage and transaction fee regardless of which type of card was used and then passes along the interchange rate to the card brands
• The processing fee changes when the card is used in person using a card reader (the lowest rate), inputted online or manually entered (accepting credit cards over the phone)
• Online and manually entered transactions incur higher fees because they’re more prone to errors and fraud

3. The processing type affects the level of payment data protection

Most debit and credit cards include a magnetic stripe on the back, an EMV chip on the front and near-field communication (NFC) mobile payments with contactless tap technology.

Still, there are online payment security differences when a card is swiped versus tapped or inserted into an EMV payment terminal.

When customers use an EMV chip card or an NFC mobile payment option, like Apple Pay, the processing environment utilizes a security measure called tokenization. This process replaces the sensitive cardholder data, such as the 16-digit personal account number, with a series of randomly assigned numbers used to process the payment.

This means data thieves can’t use the token to commit credit card fraud or identify the account owner.

4. Businesses can take steps to reduce fraud and chargebacks

Chargebacks are when transactions are reversed due to a customer complaint or fraud. These incidents typically cost $15 per occurrence. Credit card processors may even drop companies with numerous chargebacks.

Here’s how businesses can avoid chargebacks: 

• Communicate clearly: Chargebacks often occur because customers are unaware of refund policies or don’t understand product information. Outlining product specs and prominently posting policies and disclaimers avoid costly misunderstandings.
• Keep detailed transaction records: Disputing chargebacks entails proving to your processor that you handled the transaction correctly with detailed transaction records. The best point-of-sale (POS) systems record all transactions, assign them to the appropriate customer files and make printing evidential POS reports
• Streamline sales processing: Allowing customer payments to pile leads to chargebacks. If the period between making a purchase and seeing it on a credit card bill is too long, the customer may have forgotten the purchase, making them more likely to dispute it.

5. Your business is not too small for a payment security breach

According to a Netwrix Research Lab report, 68 percent of surveyed businesses — both large and small — experienced a cyberattack in the past year. Additionally, Tripwire’s Business Impact Report revealed that 73 percent of small business respondents reported experiencing data breaches or cyberattacks. 

If there’s a breach, your business may endure the following ramifications:

• Mandatory investigative audits of payment security practices, which cost an average of $36,000 for small businesses
• Loss of customer trust
• Downtime
• Notification costs
• Reputational damage that can take years to repair

Merchants that don’t accommodate EMV chip cards could be held liable in the event of a payment security breach. You could be held responsible for costs associated with the breach, including the following:

• Identity protection services for breach victims
• Card reissue costs
• Fines 
• Legal fees 

Consider these best practices to protect your business from a data breach: 

• Understand Payment card industry (PCI) compliance responsibilities: PCI compliance is required of payment processors and merchants. The PCI Security Standards Council outlines the specific protocol merchants should follow. If you fail to comply or don’t provide proper proof, you could be charged from $10 to $100 per month until you’re compliant.
• Proactively identify and shore up security vulnerabilities: Conduct audits to proactively identify vulnerabilities and adapt payment processes as your business grows. At a minimum, internal firewall, network hardware and software audits should occur quarterly under PCI-compliant processing standards.

6. Not all payment security issues originate with a hack

Many ransomware attacks start when an employee or contractor unknowingly clicks on a malicious link in an email — not from sophisticated hacks. 

• Never post passwords on computers or POS systems
• Passwords should be changed at least every few weeks
• Passwords should consist of at least eight characters, including letters (uppercase and lowercase), numbers and symbols
• Companies should have filters in place for their email servers
• Employees should be trained to protect the business from cybercrime.

7. Your staff plays a critical role in payment security

One employee’s innocent mistake can compromise payment security. Employee screening, monitoring, training and permissions are key.

• Ensure secure payment procedures: Conduct regular training sessions to reinforce secure payment procedures. Customer credit or debit card numbers should never be written down or kept on file.
• Take care with mobile payments: Mobile payments should only be processed with a secure and password-protected connection via the mobile payment provider’s secure app or mobile reader. Use one of the best mobile credit card processors, and update all mobile device operating systems. 

Payment processing best practices

Use the following practices to minimize payment processing expenses.

Choose the right credit card processor.

Credit card processors’ rates, fees, software features, hardware and customer service vary widely, so vetting credit card processing companies is essential.

“Common issues that pop up when integrating credit card processing include a lack of transparency when it comes to fees and contract terms,” said Jeff Bucher, senior product strategy manager at Alkami Technology. “These impact mission-critical components like processing times and rates and common hidden fees can be statement fees or non-compliance penalties.”

Review each company’s costs, features and reputation before making a choice.

“Flexibility is key, and I’ve found that working with processors who offer month-to-month agreements makes it easier to pivot if a better solution comes along,” said Darian Shimy, CEO of FutureFund Technology. “I’m also cautious of providers that push equipment leasing at inflated rates. It’s almost always better to buy outright.”

Review your credit card processing statements and contracts periodically

The credit card processor or processing plan for startups isn’t always the best choice as your business scales. A higher processing volume can make fixed-rate credit card processing fees too costly, and you should consider switching to an interchange-plus model. You’ll likely find that you need processing software with more advanced capabilities, such as industry-specific features or robust customer management and marketing capabilities.

Explore whether your current credit card processing company has a different plan that more adequately meets your needs.

Accept many different payment types.

Shoppers use digital payment methods in addition to credit and debit cards, so accepting various payment types is a win-win.

Most payment processors support multiple payment types, but you may need to contact your company to ensure digital wallets like Apple Pay, Google Pay and Samsung Pay are accepted.

Optimize for international sales.

Investigate international payment processing rates if a significant portion of your sales is international or you plan to expand your e-commerce store globally. A wide range of processing rates exists for international transactions and currency conversion. 

Shop around for a payment processor with lower international processing rates. Be sure to include language translation on your online checkout pages and account for additional costs, such as value-added tax or tariffs.

Protect customer payment data

You’re still responsible for securing customer payment data, even if your processor is PCI-compliant. Here’s how to protect payment data:

• Limit access to payment data to select employees
• Train employees on proper procedures 
• Encrypt data in your system
• Assign unique employee logins
• Work with internal information technology departments or a third-party cybersecurity firm

Update your card reader hardware

The latest hardware allows you to accept chips and taps (EMV and NFC). These methods are more secure and user-friendly for staff and customers. Newer card reader hardware may also include helpful features, like allowing the cashier to swivel the touchscreen so the customer can input a PIN or add a tip.

Evaluate your need for mobile card readers

Mobile POS systems are a must for mobile businesses, including food trucks and farmers market vendors. However, they’re also a boon for fixed-location businesses. Fast food and quick-service restaurants and retailers can reduce customer waiting time by sending out cashiers armed with mobile credit card readers or mobile POS devices. Mobile readers can also be used for businesses with large showrooms where customers order products for delivery.

Utilize fraud prevention tools

Add fraud prevention software to your online store or app because these tools look for suspicious patterns and anomalies that could be signs of fraud. Many credit card processors allow you to add fraud prevention features such as zip code, CVV or address verification to your account (frequently for an additional monthly fee).

“These features allow businesses to choose optimal processors for specific transaction types, maximizing both efficiency and cost savings,” said Amit Malhotra, head of partnerships at Wink. “Taking advantage of modern tools and integrations also reduces operational friction, ensuring businesses can scale without compromising security or customer satisfaction.”