BDC Hamburger Icon

Menu

Close
BDC Logo
Search Icon
ArrowFinance
Advertising Disclosure
Close
Advertising Disclosure

Business.com aims to help business owners make informed decisions to support and grow their companies. We research and recommend products and services suitable for various business types, investing thousands of hours each year in this process.

As a business, we need to generate revenue to sustain our content. We have financial relationships with some companies we cover, earning commissions when readers purchase from our partners or share information about their needs. These relationships do not dictate our advice and recommendations. Our editorial team independently evaluates and recommends products and services based on their research and expertise. Learn more about our process and partners here.

7 Things Most Small Businesses Don’t Know About Credit Card Payment Processing

What you don't know about payment processing can hurt your company — and your bottom line.

author image
Written by: Jennifer Dublino, Senior WriterUpdated Jan 16, 2025
Shari Weiss,Senior Editor
Business.com earns commissions from some listed providers. Editorial Guidelines.
Table Of Contents Icon

Table of Contents

Open row

What you don’t know can hurt you when it comes to how your small business handles sensitive payment data. Being unaware of the risks and responsibilities you inherently assume in payment processing can expose your business to fines, fees and operational upheaval. Even more importantly, you risk damaging your company’s reputation and customers’ trust. 

We’ll explain some crucial facts about payment processing to help your business proactively address issues that affect your company and your customers’ sensitive payment data.

Editor’s note: Looking for the right credit card processor for your business? Fill out the below questionnaire to have our vendor partners contact you about your needs.>

7 things to know about small business credit card payment processing

Even when using one of the best credit card processors, what you don’t know about payment processing can hurt your business. Consider the following seven essential payment processing facts to understand your business’s risks and responsibilities better. 

1. You’re subject to processing fees and terms.

When small businesses accept credit cards, they’re subject to processing fees for each transaction. Top providers’ average credit card processing fees range from 1.7 to 2.05 percent for in-person transactions and 2.25 to 3.25 percent for card-not-present transactions. These costs may sound minimal, but they add up, especially when applied to big-ticket items. 

Additionally, some payment processors add a flat fee per transaction, which can significantly impact your bottom line if you have a high purchase volume.

Consider the following factors to help reduce your credit card fees and save on processing costs: 

  • Decide if a flat fee or tiered pricing model is best: Some credit card processors assess fees using a flat-rate pricing model; others have a tiered system that charges processing fees based on the transaction type. Some charge monthly fees in addition to the per-transaction rate. Before signing with a processor, evaluate what’s best for your business. Consider a flat-rate provider if you have a startup or small business with a low monthly sales volume. If you have a larger sales volume or need specialized services, consider a processor that charges an inclusive monthly fee with a lower transaction rate.
  • Negotiate your rate: When selecting a payment provider, you can negotiate your rate to some extent. Don’t sign on the dotted line until you’re sure you have the lowest possible rate without compromising on the services you need. Look for nonstandard charges, like cancellation fees and ask your rep to remove them.
Did You Know?Did you know
Some business credit card fees are tax deductible, including annual fees and late fees, so be sure to itemize these costs on your next tax return.

2. Card type may affect your processing fees. 

A credit card company’s processing fee structure may be a fixed rate or an interchange plus rate. The interchange plus rate is a minimum transaction fee set by the card brands, such as Visa, Mastercard, Discover and American Express. It consists of a percentage of the sales transaction amount, usually with a small, fixed fee per transaction. 

However, many small businesses don’t know that interchange rates vary by card brand (Visa vs. Mastercard, for example), card type (debit vs. credit) and other factors, such as whether it’s a personal or business credit card or a rewards card.

When credit card processors use interchange plus pricing, they take the interchange rate and add a small markup. This means processing fees for transactions of the same dollar amount can vary depending on the type of card used to make the purchase.

With fixed-rate pricing, the credit card processor charges the merchant the same percentage and transaction fee regardless of which type of card was used and then passes along the interchange rate to the card brands. Typically, the only thing that will change the processing fee is whether the card was used in person using a card reader (the lowest rate), inputted online or manually entered, such as when you accept credit cards over the phone. Online and manually entered transactions are more prone to errors and fraud, so they incur a higher fee.

3. The processing type affects the level of payment data protection.

Nowadays, most debit and credit cards include a magnetic stripe on the back and an EMV chip on the front. Card issuers also typically support near-field communication (NFC) mobile payments with contactless tap technology.

Still, many businesses don’t realize there are significant online payment security differences when a card is swiped versus tapped or inserted into an EMV payment terminal.

When a customer uses an EMV chip card or an NFC mobile payment option, such as Apple Pay, the processing environment utilizes a security measure called tokenization. This process replaces the sensitive cardholder data, such as the 16-digit personal account number, with a series of randomly assigned numbers used to process the payment.

If the transaction is intercepted during processing or is later compromised in a breach, data thieves can’t use the token to commit further credit card fraud or identify the account owner.

4. Businesses can take steps to reduce fraud and chargebacks.

Chargebacks are when transactions are reversed due to a customer complaint or fraud. These incidents can be expensive for small businesses, typically costing $15 per occurrence. Credit card processors may even drop companies with numerous chargebacks.

Avoiding chargebacks is crucial. Here’s how businesses can reduce them and their associated costs: 

  • Communicate clearly: Chargebacks often occur because the customer is unaware of refund policies or doesn’t understand product information. Clearly outlining product specs and prominently posting policies and disclaimers can help you avoid these costly misunderstandings. 
  • Keep detailed transaction records: Disputing chargebacks entails proving to your processor that you handled the transaction correctly and you’ll need detailed transaction records to do this. The best point-of-sale (POS) systems record all transactions, assign them to the appropriate customer file and make printing evidential POS reports easy.
  • Streamline sales processing: Allowing customer payments to pile up disrupts cash flow and can lead to chargebacks. If the period between making a purchase and seeing it appear on a credit card bill is too long, the customer may have forgotten the purchase, making them more likely to dispute it.

5. Your business is not too small for a payment security breach.

According to a Netwrix Research Lab report, 68 percent of surveyed businesses — both large and small — experienced a cyberattack in the past year. Additionally, Tripwire’s Business Impact Report revealed that 73 percent of small business respondents reported experiencing data breaches or cyberattacks within the previous year. Businesses of all sizes must be concerned about cyberthreats, including payment security breaches.

Unfortunately, most small businesses that fall victim to a payment security breach don’t know it occurred until the damage is done. If there’s a breach, your business may endure the following ramifications: 

  • Mandatory investigative audits of payment security practices, which cost an average of $36,000 for small businesses
  • Loss of customer trust
  • Downtime
  • Notification costs
  • Reputational damage that can take years to repair

An investigative audit of your payment security practices may find that you’re party to a payment transaction with the lowest level of security. For example, merchants that don’t accommodate EMV chip cards could be held liable in the event of a payment security breach. You could potentially be held responsible for costs associated with the breach, including the following: 

  • Identity protection services for breach victims
  • Card reissue costs
  • Fines 
  • Legal fees 

To protect your business from a data breach, consider these best practices: 

  • Understand Payment card industry (PCI) compliance responsibilities: PCI compliance is required of payment processors and merchants. The PCI Security Standards Council outlines the specific protocol merchants should follow based on their volume and type of annual transactions. If you fail to comply — or comply without providing proper proof — your payment processor could charge you anywhere from $10 to $100 per month until you’re in full compliance. It’s wise to choose a payment processor that guarantees PCI-compliant payment processing and accommodates NFC and EMV chip card technology at the POS. 
  • Proactively identify and shore up security vulnerabilities: Conduct audits to proactively identify vulnerabilities and potentially adapt payment processes as your business grows. At a minimum, internal firewall, network hardware and software audits should occur quarterly under PCI-compliant processing standards.
TipBottom line
Before starting internal audits of your processes and equipment, conduct a cybersecurity risk assessment to identify vulnerabilities and protect your business and its customers.

6. Not all payment security issues originate with a hack.

Not all breaches stem from sophisticated hacks. Internal mistakes and unpatched vulnerabilities can lead to serious payment security issues. Many ransomware attacks start when an employee or contractor unknowingly clicks on a malicious link in an email.

Your internal procedures will significantly impact your payment security. For instance, never post passwords on computers or POS systems. Passwords should be changed at least every few weeks and, ideally, consist of at least eight characters, including letters (uppercase and lowercase), numbers and symbols. 

Additionally, companies should have filters in place for their email servers and employees should be trained to protect the business from cybercrime.

FYIDid you know
As part of your small business cybersecurity plan, you should install top-notch antivirus and internet security applications to help protect your systems.

7. Your staff plays a critical role in payment security.

One employee’s innocent mistake can compromise payment security and cost your business dearly. For this reason, employee screening, monitoring, training and permissions are key. Consider the following tips: 

  • Ensure secure payment procedures: Conduct regular training sessions to reinforce secure payment procedures. For example, customer credit or debit card numbers should never be written down or kept on file.
  • Take care with mobile payments: Mobile payments should only be processed with a secure and password-protected connection via the mobile payment provider’s secure app or mobile reader. Use one of the best mobile credit card processors, and update all mobile device operating systems to ensure the latest security vulnerabilities are patched. 

Payment processing best practices

Companies with a high volume of credit card sales will incur significant expenses in the form of processing rates, monthly fees and incidental costs. Use the following best practices to minimize expenditures and improve sales.

Choose the right credit card processor.

Credit card processors’ rates, fees, software features, hardware and customer service vary widely, so carefully vetting potential credit card processing companies is essential. 

Jeff Bucher, senior product strategy manager at Alkami Technology, noted that matching your processor to your business model is crucial, as is learning about all fees and terms. “Common issues that pop up when integrating credit card processing include a lack of transparency when it comes to fees and contract terms,” Bucher cautioned. “These impact mission-critical components like processing times and rates and common hidden fees can be statement fees or non-compliance penalties.” 

Darian Shimy, CEO of FutureFund Technology, pointed out that long-term contracts with early termination fees should be avoided at all costs. “Flexibility is key, and I’ve found that working with processors who offer month-to-month agreements makes it easier to pivot if a better solution comes along,” Shimy advised. “I’m also cautious of providers that push equipment leasing at inflated rates. It’s almost always better to buy outright.”

Take your time reviewing each company’s costs, features and reputation before making a choice.

Review your credit card processing statements and contracts periodically. 

The credit card processor or processing plan you chose as a startup may not necessarily be the best choice as your business scales. For example, a higher processing volume can make fixed-rate credit card processing fees too costly, and you might want to consider switching to an interchange-plus model. You also might find that you now need processing software with more advanced capabilities, such as industry-specific features or robust customer management and marketing capabilities.

Explore whether your current credit card processing company has a different plan that more adequately meets your needs. If not, consider switching providers.

Accept many different payment types.

Today’s shoppers use a wide array of digital payment methods in addition to credit and debit cards, so accepting various payment types is a win-win. The more you can accommodate customers’ preferred payment methods, the more sales you’ll make. 

Most payment processors support multiple payment types, but you may need to contact your company to ensure digital wallets like Apple Pay, Google Pay and Samsung Pay are added to your account.

Optimize for international sales.

If a significant portion of your sales is international or you plan to expand your e-commerce store globally, investigate your international payment processing rates. A wide range of processing rates exists for international transactions, especially if you require currency conversion. If necessary, shop around for a payment processor with lower international processing rates. Be sure to include language translation on your online checkout pages and account for additional costs, such as value-added tax or tariffs.

TipBottom line
Stripe is a good option for businesses with international clients. As we explain in our Stripe review, this company supports more than 135 currencies. It allows customers to pay with their local currency and then converts it so merchants receive funds in their currency.

Protect customer payment data.

Even if your processor is PCI-compliant, you’re still responsible for securing customer payment data. Limit access to payment data to only a few select employees, encrypt data in your system and train employees on proper procedures for handling payment data. Assign unique employee logins so it’s clear who’s responsible if certain files are improperly accessed. Work with your internal information technology department or a third-party cybersecurity firm to continually protect your systems from hacking and other incursions from bad actors.

Update your card reader hardware.

If your company has accepted payments for a while, it may be time to update your card reader and POS hardware. The latest hardware allows you to accept chips and taps (EMV and NFC) — methods that are more secure and user-friendly for staff and customers. Newer card reader hardware may also include helpful features, like allowing the cashier to ring up a purchase and swivel the touchscreen so the customer can input a PIN or add a tip.

Evaluate your need for mobile card readers.

Mobile POS systems are a must for mobile businesses, including food trucks and farmers market vendors. However, they can also be a boon for fixed-location businesses. During a busy season, fast food and quick-service restaurants and retailers can reduce customer waiting time by sending out cashiers armed with mobile credit card readers or mobile POS devices. Mobile readers can also be used for businesses with large showrooms where customers order products for delivery.

Utilize fraud prevention tools.

If you have an online store, add fraud prevention software to your e-commerce site or app. These tools look for suspicious patterns and anomalies that could be signs of fraud. Additionally, many credit card processors allow you to add fraud prevention features such as zip code, CVV or address verification to your account (frequently for an additional monthly fee).

Amit Malhotra, head of partnerships at Wink, advises businesses to choose processors with robust fraud protections and payment orchestration gateways. “These features allow businesses to choose optimal processors for specific transaction types, maximizing both efficiency and cost savings,” Malhotra explained. “Taking advantage of modern tools and integrations also reduces operational friction, ensuring businesses can scale without compromising security or customer satisfaction.”

Did you find this content helpful?
Verified CheckThank you for your feedback!
author image
Written by: Jennifer Dublino, Senior Writer
Jennifer Dublino is an experienced entrepreneur and astute marketing strategist. With over three decades of industry experience, she has been a guiding force for many businesses, offering invaluable expertise in market research, strategic planning, budget allocation, lead generation and beyond. Earlier in her career, Dublino established, nurtured and successfully sold her own marketing firm. At business.com, Dublino covers customer retention and relationships, pricing strategies and business growth. Dublino, who has a bachelor's degree in business administration and an MBA in marketing and finance, also served as the chief operating officer of the Scent Marketing Institute, showcasing her ability to navigate diverse sectors within the marketing landscape. Over the years, Dublino has amassed a comprehensive understanding of business operations across a wide array of areas, ranging from credit card processing to compensation management. Her insights and expertise have earned her recognition, with her contributions quoted in reputable publications such as Reuters, Adweek, AdAge and others.
BDC Logo

Get Weekly 5-Minute Business Advice

B. newsletter is your digest of bite-sized news, thought & brand leadership, and entertainment. All in one email.

Back to top