I was sitting in one of my thousands of mobile offices yesterday (i.e., the Starbucks down the way to one of my new favorite local hang-outs) wrapping up the year ((On my day off, I might add.)) and I couldn’t help but overhear the gaggle of ladies sitting at the table in front of me talking about negotiating some kind of credit card processing agreement for their new business. This was, of course, AFTER the extremely loud gift exchange. I think one of them might have been a gag gift, unless this nice middle aged lady really did want Cookin’ with Coolio for Christmas. I find his measurements hard to follow. How much is a “dime bag of salt” anyway?
So picture this scene: It’s some kind of business meeting with these four ladies having at least two conversations at any given time. They have some kind of retail store (or are opening one) and are trying to deal with the myriad of credit card processing plans laid out in front of them. The conversations (that I can track anyway) are all talking about the same fundamental problem.
Which plan do we choose?
I’ve been in that situation before, both with a retail storefront and an online presence that accepted credit cards. Both were more than eight years ago, and things have changed dramatically since then. The strange part is that the conversation really hasn’t! Do you want to know what the biggest topic of the conversation was?
How much does it cost on this plan versus that plan?
They weren’t even using Solver with some basic assumption to model this out, they were simply talking about the different things they had to pay for up front, the monthly fees, and the transactional fees. The ISOs are doing very little to talk about PCI (that does not surprise me), and these ladies, bless their hearts, had no idea what might come their way.
Even though their conversation was loud enough for the entire store to hear, I didn’t stick my nose in and offer a few pointers. I’m sorry ladies. I probably should have offered even if you said, “No Thanks.” That said, if you are a small merchant looking to accept credit cards, here are five things you should consider before signing that contract.
- Accepting credit cards costs money, but provides convenience and physical security (no cash on hand). If you choose not to accept cards, you should understand the costs of dealing with cash, bad checks, and counterfeiting.
- Look closely at the plans laid out and understand their differences beyond just the finances. The following five things typically make up the majority of the cost you might see (This list is not exhaustive, but makes up a significant portion of the cost you would pay):
- Will one ISO offer a complete outsourced solution, and take all the burden of PCI DSS compliance off your hands?
- Will they handle chargebacks?
- Will they cover fraud if someone uses a stolen card in your shop?
- What cards are accepted?
- How fast do you get your cash?
- Choose not to accept cards, but provide an on-site ATM or accept PIN-Debit with an outsourced provider (to push compliance back to them for member branded cards that can be used as PIN-Debit).
- Go exclusive with one provider like Costco or Sam’s Club to potentially get a better deal, but ensure you have covered PCI somehow (either yourself or outsourced back to the provider).
- Offset some of the costs of card processing by offering discounts to cash-paying customers. You cannot require people to pay for the privilege of using a credit card (for the most part), but you can reward customers for paying with cash.
These are all business decisions that are based on the assumption that you have to deal with cardholder data at some point, and you are better served by making it someone else’s problem and treating it like a standard overhead cost. Focus on retailing, not processing payments, and you may just find yourself never having to deal with PCI DSS!
Possibly Related Posts:
- PCI DSS 4.0 Released plus BOOK DETAILS!
- PCI Council Loses $600K in Revenue, PO Population on the Decline
- Why PCI DSS 4.0 Needs to be a Complete Rewrite
- Orfei Steps Down
- Should you be a PCI Participating Organization?