Menu
Business.com aims to help business owners make informed decisions to support and grow their companies. We research and recommend products and services suitable for various business types, investing thousands of hours each year in this process.
As a business, we need to generate revenue to sustain our content. We have financial relationships with some companies we cover, earning commissions when readers purchase from our partners or share information about their needs. These relationships do not dictate our advice and recommendations. Our editorial team independently evaluates and recommends products and services based on their research and expertise. Learn more about our process and partners here.
What you don't know about payment processing can hurt your company — and your bottom line.
What you don’t know can hurt you when it comes to how your small business handles sensitive payment data. Being unaware of the risks and responsibilities you inherently assume in payment processing can expose your business to fines, fees and operational upheaval. Even more importantly, you risk damaging your company’s reputation and customers’ trust.
We’ll explain some crucial facts about payment processing to help your business proactively address issues that affect your company and your customers’ sensitive payment data.
Editor’s note: Looking for the right credit card processor for your business? Fill out the below questionnaire to have our vendor partners contact you about your needs.>
Even when using one of the best credit card processors, what you don’t know about payment processing can hurt your business. Consider the following seven essential payment processing facts to understand your business’s risks and responsibilities better.
When small businesses accept credit cards, they’re subject to processing fees for each transaction. Top providers’ average credit card processing fees range from 1.7 to 2.05 percent for in-person transactions and 2.25 to 3.25 percent for card-not-present transactions. These costs may sound minimal, but they add up, especially when applied to big-ticket items.
Additionally, some payment processors add a flat fee per transaction, which can significantly impact your bottom line if you have a high purchase volume.
Consider the following factors to help reduce your credit card fees and save on processing costs:
A credit card company’s processing fee structure may be a fixed rate or an interchange plus rate. The interchange plus rate is a minimum transaction fee set by the card brands, such as Visa, Mastercard, Discover and American Express. It consists of a percentage of the sales transaction amount, usually with a small, fixed fee per transaction.
However, many small businesses don’t know that interchange rates vary by card brand (Visa vs. Mastercard, for example), card type (debit vs. credit) and other factors, such as whether it’s a personal or business credit card or a rewards card.
When credit card processors use interchange plus pricing, they take the interchange rate and add a small markup. This means processing fees for transactions of the same dollar amount can vary depending on the type of card used to make the purchase.
With fixed-rate pricing, the credit card processor charges the merchant the same percentage and transaction fee regardless of which type of card was used and then passes along the interchange rate to the card brands. Typically, the only thing that will change the processing fee is whether the card was used in person using a card reader (the lowest rate), inputted online or manually entered, such as when you accept credit cards over the phone. Online and manually entered transactions are more prone to errors and fraud, so they incur a higher fee.
Nowadays, most debit and credit cards include a magnetic stripe on the back and an EMV chip on the front. Card issuers also typically support near-field communication (NFC) mobile payments with contactless tap technology.
Still, many businesses don’t realize there are significant online payment security differences when a card is swiped versus tapped or inserted into an EMV payment terminal.
When a customer uses an EMV chip card or an NFC mobile payment option, such as Apple Pay, the processing environment utilizes a security measure called tokenization. This process replaces the sensitive cardholder data, such as the 16-digit personal account number, with a series of randomly assigned numbers used to process the payment.
If the transaction is intercepted during processing or is later compromised in a breach, data thieves can’t use the token to commit further credit card fraud or identify the account owner.
Chargebacks are when transactions are reversed due to a customer complaint or fraud. These incidents can be expensive for small businesses, typically costing $15 per occurrence. Credit card processors may even drop companies with numerous chargebacks.
Avoiding chargebacks is crucial. Here’s how businesses can reduce them and their associated costs:
According to a Netwrix Research Lab report, 68 percent of surveyed businesses — both large and small — experienced a cyberattack in the past year. Additionally, Tripwire’s Business Impact Report revealed that 73 percent of small business respondents reported experiencing data breaches or cyberattacks within the previous year. Businesses of all sizes must be concerned about cyberthreats, including payment security breaches.
Unfortunately, most small businesses that fall victim to a payment security breach don’t know it occurred until the damage is done. If there’s a breach, your business may endure the following ramifications:
An investigative audit of your payment security practices may find that you’re party to a payment transaction with the lowest level of security. For example, merchants that don’t accommodate EMV chip cards could be held liable in the event of a payment security breach. You could potentially be held responsible for costs associated with the breach, including the following:
To protect your business from a data breach, consider these best practices:
Not all breaches stem from sophisticated hacks. Internal mistakes and unpatched vulnerabilities can lead to serious payment security issues. Many ransomware attacks start when an employee or contractor unknowingly clicks on a malicious link in an email.
Your internal procedures will significantly impact your payment security. For instance, never post passwords on computers or POS systems. Passwords should be changed at least every few weeks and, ideally, consist of at least eight characters, including letters (uppercase and lowercase), numbers and symbols.
Additionally, companies should have filters in place for their email servers and employees should be trained to protect the business from cybercrime.
One employee’s innocent mistake can compromise payment security and cost your business dearly. For this reason, employee screening, monitoring, training and permissions are key. Consider the following tips:
Companies with a high volume of credit card sales will incur significant expenses in the form of processing rates, monthly fees and incidental costs. Use the following best practices to minimize expenditures and improve sales.
Credit card processors’ rates, fees, software features, hardware and customer service vary widely, so carefully vetting potential credit card processing companies is essential.
Jeff Bucher, senior product strategy manager at Alkami Technology, noted that matching your processor to your business model is crucial, as is learning about all fees and terms. “Common issues that pop up when integrating credit card processing include a lack of transparency when it comes to fees and contract terms,” Bucher cautioned. “These impact mission-critical components like processing times and rates and common hidden fees can be statement fees or non-compliance penalties.”
Darian Shimy, CEO of FutureFund Technology, pointed out that long-term contracts with early termination fees should be avoided at all costs. “Flexibility is key, and I’ve found that working with processors who offer month-to-month agreements makes it easier to pivot if a better solution comes along,” Shimy advised. “I’m also cautious of providers that push equipment leasing at inflated rates. It’s almost always better to buy outright.”
Take your time reviewing each company’s costs, features and reputation before making a choice.
The credit card processor or processing plan you chose as a startup may not necessarily be the best choice as your business scales. For example, a higher processing volume can make fixed-rate credit card processing fees too costly, and you might want to consider switching to an interchange-plus model. You also might find that you now need processing software with more advanced capabilities, such as industry-specific features or robust customer management and marketing capabilities.
Explore whether your current credit card processing company has a different plan that more adequately meets your needs. If not, consider switching providers.
Today’s shoppers use a wide array of digital payment methods in addition to credit and debit cards, so accepting various payment types is a win-win. The more you can accommodate customers’ preferred payment methods, the more sales you’ll make.
Most payment processors support multiple payment types, but you may need to contact your company to ensure digital wallets like Apple Pay, Google Pay and Samsung Pay are added to your account.
If a significant portion of your sales is international or you plan to expand your e-commerce store globally, investigate your international payment processing rates. A wide range of processing rates exists for international transactions, especially if you require currency conversion. If necessary, shop around for a payment processor with lower international processing rates. Be sure to include language translation on your online checkout pages and account for additional costs, such as value-added tax or tariffs.
Even if your processor is PCI-compliant, you’re still responsible for securing customer payment data. Limit access to payment data to only a few select employees, encrypt data in your system and train employees on proper procedures for handling payment data. Assign unique employee logins so it’s clear who’s responsible if certain files are improperly accessed. Work with your internal information technology department or a third-party cybersecurity firm to continually protect your systems from hacking and other incursions from bad actors.
If your company has accepted payments for a while, it may be time to update your card reader and POS hardware. The latest hardware allows you to accept chips and taps (EMV and NFC) — methods that are more secure and user-friendly for staff and customers. Newer card reader hardware may also include helpful features, like allowing the cashier to ring up a purchase and swivel the touchscreen so the customer can input a PIN or add a tip.
Mobile POS systems are a must for mobile businesses, including food trucks and farmers market vendors. However, they can also be a boon for fixed-location businesses. During a busy season, fast food and quick-service restaurants and retailers can reduce customer waiting time by sending out cashiers armed with mobile credit card readers or mobile POS devices. Mobile readers can also be used for businesses with large showrooms where customers order products for delivery.
If you have an online store, add fraud prevention software to your e-commerce site or app. These tools look for suspicious patterns and anomalies that could be signs of fraud. Additionally, many credit card processors allow you to add fraud prevention features such as zip code, CVV or address verification to your account (frequently for an additional monthly fee).
Amit Malhotra, head of partnerships at Wink, advises businesses to choose processors with robust fraud protections and payment orchestration gateways. “These features allow businesses to choose optimal processors for specific transaction types, maximizing both efficiency and cost savings,” Malhotra explained. “Taking advantage of modern tools and integrations also reduces operational friction, ensuring businesses can scale without compromising security or customer satisfaction.”