What you don’t know can hurt you when it comes to how your small business handles sensitive payment data. In fact, being unaware of the risks and responsibilities you inherently assume in payment processing can expose your business to fines, fees and operational upheaval. Even more importantly, you risk damaging your company’s reputation and customers’ trust.
Being aware of the costs and risks and proactively addressing them will help protect your company and your customers’ sensitive payment data.
Editor’s note: Looking for the right credit card processor for your business? Fill out the below questionnaire to have our vendor partners contact you about your needs.>
Here are five things most businesses don’t know about payment processing.
When small businesses accept credit cards, they’re subject to processing fees for each transaction. Top providers’ average credit card processing fees range from 1.7 to 2.05 percent for in-person transactions and 2.25 to 2.5 percent for card-not-present transactions. These costs may sound minimal, but they add up, especially when they’re applied to big-ticket items. Additionally, some payment processors add a flat fee per transaction, which can significantly impact your bottom line if you have a high purchase volume.
Consider the following factors to help reduce your credit card fees and save on processing costs:
Nowadays, most debit and credit cards include a magnetic stripe on the back and an EMV (Europay, Mastercard and Visa) chip on the front. Card issuers also typically support NFC mobile payments with contactless tap technology.
Still, many businesses don’t realize there are significant payment security differences when a card is swiped versus tapped or inserted into an EMV payment terminal.
When a customer uses an EMV chip card or an NFC mobile payment option such as Apple Pay, the processing environment utilizes a security measure called tokenization. This process replaces the sensitive cardholder data (i.e., the 16-digit personal account number) with a series of randomly assigned numbers used to process the payment.
If the transaction is intercepted during processing or is later compromised in a breach, data thieves can’t use the token to commit further credit card fraud or identify the account owner.
According to research from BlackFog, from June 2022 to June 2023, 61 percent of small and midsize businesses were victims of successful cyberattacks. Of these, 58 percent experienced business downtime that impacted operations and profitability, and 39 percent had a breach of sensitive customer data.
Unfortunately, most small businesses that fall victim to a payment security breach don’t know it occurred until the damage is done. If there’s a breach, your business may endure the following ramifications:
An investigative audit of your payment security practices may find that you’re party to a payment transaction with the lowest level of security. For example, merchants that don’t accommodate EMV chip cards could be held liable in the event of a payment security breach. You could potentially be held responsible for costs associated with the breach, including the following:
To protect your business from a data breach, consider these best practices:
Not all breaches stem from a sophisticated hack. Internal mistakes and unpatched vulnerabilities can lead to serious payment security issues. For example, many ransomware attacks start when an employee or contractor unknowingly clicks on a malicious link in an email.
Your internal procedures will have a significant impact on your payment security. For example, never post passwords on computers or POS systems. Passwords should be changed at least every few weeks and, ideally, consist of at least eight characters, including letters (uppercase and lowercase), numbers and symbols.
Additionally, companies should have filters in place for their email servers, and employees should be trained to protect the business from cybercrime.
One employee’s innocent mistake can compromise payment security and cost your business dearly. For this reason, employee screening, monitoring, training and permissions are key. Consider the following tips:
The best credit card processors offer robust security and transparent pricing that helps you choose the best pricing model for your business. Here are a few excellent companies to consider as you start evaluating payment processing partners.
Helcim is a versatile payment platform that allows you to accept multiple transaction types. It supports online transactions, QR codes, invoicing and recurring payments. You can accept NFC mobile payments and payments via chip credit and debit cards, ACH (electronic check) and more. Read our detailed Helcim review for information about its low interchange plus processing fees and no monthly fees.
Square is a payment facilitator. For this reason, unlike many traditional payment processors, Square will likely approve you even if you’re a startup or have less-than-perfect credit. Square also offers flat-rate processing fees with no monthly fees. Check out our detailed Square review to learn how your business can get a free online storefront and POS system.
Clover provides POS software and hardware, along with payment processing services that facilitate credit card payments and many other digital payment methods. Our comprehensive Clover review explains how the company can simplify your POS and payment processing needs.
Stax uses a wholesale subscription-based pricing model with three pricing tiers. In addition to a monthly fee that ranges from $99 to $199, Stax charges a small per-transaction fee, making it ideal for high-transaction-volume businesses. Our in-depth Stax review explains how the processor provides merchants with a mobile app, multiple software integrations and a free online storefront.