business.com receives compensation from some of the companies listed on this page. Advertising Disclosure
ArrowFinance

5 Things Most Small Businesses Don’t Know About Credit Card Payment Processing

Updated Jan 25, 2024

Table of Contents

Open row

What you don’t know can hurt you when it comes to how your small business handles sensitive payment data. In fact, being unaware of the risks and responsibilities you inherently assume in payment processing can expose your business to fines, fees and operational upheaval. Even more importantly, you risk damaging your company’s reputation and customers’ trust. 

Being aware of the costs and risks and proactively addressing them will help protect your company and your customers’ sensitive payment data.

Editor’s note: Looking for the right credit card processor for your business? Fill out the below questionnaire to have our vendor partners contact you about your needs.>

5 things to know about small business credit card payment processing

Here are five things most businesses don’t know about payment processing. 

1. You’re subject to processing fees and terms.

When small businesses accept credit cards, they’re subject to processing fees for each transaction. Top providers’ average credit card processing fees range from 1.7 to 2.05 percent for in-person transactions and 2.25 to 2.5 percent for card-not-present transactions. These costs may sound minimal, but they add up, especially when they’re applied to big-ticket items. Additionally, some payment processors add a flat fee per transaction, which can significantly impact your bottom line if you have a high purchase volume.

Consider the following factors to help reduce your credit card fees and save on processing costs: 

  • Decide if a flat fee or tiered pricing model is best. Some credit card processors assess fees using a flat-rate pricing model; others have a tiered system that charges processing fees based on the transaction type. Some charge monthly fees in addition to the per-transaction rate. Before you sign with a processor, evaluate what’s best for your business. Consider a flat-rate provider if you have a startup or small business with a low monthly sales volume. If you have a larger sales volume or need specialized services, consider a processor that charges an inclusive monthly fee with a lower transaction rate. 
  • Negotiate your rate. When selecting a payment provider, you can negotiate your rate to some extent. Don’t sign on the dotted line until you’re sure you have the lowest possible rate without compromising on the services you need. Look for nonstandard charges, like cancellation fees, and ask your rep to remove them.
  • Minimize charge-back fees. Consider using online payment security measures, such as robust identity verification, to minimize charge-backs. Each charge-back can cost $15 or more, so do everything in your power to avoid charge-back fees.  
TipBottom line

Many business credit card processing fees are tax deductible, so be sure to itemize these costs on your next tax return.

2. The processing type affects the level of payment data protection.

Nowadays, most debit and credit cards include a magnetic stripe on the back and an EMV (Europay, Mastercard and Visa) chip on the front. Card issuers also typically support NFC mobile payments with contactless tap technology.

Still, many businesses don’t realize there are significant payment security differences when a card is swiped versus tapped or inserted into an EMV payment terminal.

When a customer uses an EMV chip card or an NFC mobile payment option such as Apple Pay, the processing environment utilizes a security measure called tokenization. This process replaces the sensitive cardholder data (i.e., the 16-digit personal account number) with a series of randomly assigned numbers used to process the payment.

If the transaction is intercepted during processing or is later compromised in a breach, data thieves can’t use the token to commit further credit card fraud or identify the account owner.

3. Your business is not too small for a payment security breach.

According to research from BlackFog, from June 2022 to June 2023, 61 percent of small and midsize businesses were victims of successful cyberattacks. Of these, 58 percent experienced business downtime that impacted operations and profitability, and 39 percent had a breach of sensitive customer data.

Unfortunately, most small businesses that fall victim to a payment security breach don’t know it occurred until the damage is done. If there’s a breach, your business may endure the following ramifications: 

  • Mandatory investigative audits of payment security practices (which cost an average of $36,000 for small businesses)
  • Loss of customer trust
  • Downtime
  • Notification costs
  • Reputational damage that can take years to repair

An investigative audit of your payment security practices may find that you’re party to a payment transaction with the lowest level of security. For example, merchants that don’t accommodate EMV chip cards could be held liable in the event of a payment security breach. You could potentially be held responsible for costs associated with the breach, including the following: 

  • Identity protection services for breach victims
  • Card reissue costs
  • Fines 
  • Legal fees 

To protect your business from a data breach, consider these best practices: 

  • Understand PCI compliance responsibilities. Payment card industry (PCI) compliance is required of payment processors and merchants. The PCI Security Standards Council outlines the specific protocol merchants should follow based on their volume and type of annual transactions. If you fail to comply — or comply without providing proper proof — your payment processor could charge you anywhere from $10 to $100 per month until you’re in full compliance. It’s wise to choose a payment processor that guarantees PCI-compliant payment processing and accommodates NFC and EMV chip card technology at the point of sale (POS). 
  • Proactively identify and shore up security vulnerabilities. Conduct audits to proactively identify vulnerabilities and potentially adapt payment processes as your business grows. At a minimum, internal firewall, network hardware and software audits should occur quarterly under PCI-compliant processing standards.
TipBottom line

To get started with internal audits of your processes and equipment, conduct a cybersecurity risk assessment to find vulnerabilities and protect your business and its customers.

4. Not all payment security issues originate with a hack.

Not all breaches stem from a sophisticated hack. Internal mistakes and unpatched vulnerabilities can lead to serious payment security issues. For example, many ransomware attacks start when an employee or contractor unknowingly clicks on a malicious link in an email.

Your internal procedures will have a significant impact on your payment security. For example, never post passwords on computers or POS systems. Passwords should be changed at least every few weeks and, ideally, consist of at least eight characters, including letters (uppercase and lowercase), numbers and symbols. 

Additionally, companies should have filters in place for their email servers, and employees should be trained to protect the business from cybercrime.

Key TakeawayKey takeaway

As part of your small business cybersecurity plan, install top-notch antivirus and internet security applications to help protect your systems.

5. Your staff plays a critical role in payment security.

One employee’s innocent mistake can compromise payment security and cost your business dearly. For this reason, employee screening, monitoring, training and permissions are key. Consider the following tips: 

  • Ensure secure payment procedures. Conduct ongoing training sessions to ensure secure payment procedures. For example, customer credit or debit card numbers should never be written down or kept on file.
  • Take care with mobile payments. Mobile payments should be processed only with a secure and password-protected connection via the mobile payment provider’s secure app or dongle. Use one of the best mobile credit card processors, and update all mobile device operating systems to ensure the latest security vulnerabilities are patched. 

Best credit card processors

The best credit card processors offer robust security and transparent pricing that helps you choose the best pricing model for your business. Here are a few excellent companies to consider as you start evaluating payment processing partners. 

Helcim

Helcim is a versatile payment platform that allows you to accept multiple transaction types. It supports online transactions, QR codes, invoicing and recurring payments. You can accept NFC mobile payments and payments via chip credit and debit cards, ACH (electronic check) and more. Read our detailed Helcim review for information about its low interchange plus processing fees and no monthly fees. 

Square

Square is a payment facilitator. For this reason, unlike many traditional payment processors, Square will likely approve you even if you’re a startup or have less-than-perfect credit. Square also offers flat-rate processing fees with no monthly fees. Check out our detailed Square review to learn how your business can get a free online storefront and POS system. 

Clover

Clover provides POS software and hardware, along with payment processing services that facilitate credit card payments and many other digital payment methods. Our comprehensive Clover review explains how the company can simplify your POS and payment processing needs.  

Stax

Stax uses a wholesale subscription-based pricing model with three pricing tiers. In addition to a monthly fee that ranges from $99 to $199, Stax charges a small per-transaction fee, making it ideal for high-transaction-volume businesses. Our in-depth Stax review explains how the processor provides merchants with a mobile app, multiple software integrations and a free online storefront. 

Jennifer Dublino
Contributing Writer
Jennifer Dublino is a prolific researcher, writer, and editor, specializing in topical, engaging, and informative content. She has written numerous e-books, slideshows, websites, landing pages, sales pages, email campaigns, blog posts, press releases and thought leadership articles. Topics include consumer financial services, home buying and finance, general business topics, health and wellness, neuroscience and neuromarketing, and B2B industrial products.
BDC Logo

Get Weekly 5-Minute Business Advice

B. newsletter is your digest of bite-sized news, thought & brand leadership, and entertainment. All in one email.

Back to top