Credit card processing fees remain one of the top three concerns for convenience retailers—and though it seems reasonable to expect that improving data security at the point of sale would cut charges because it lowers transaction risks,experts say this is not the case.
“I don’t know if anyone has ever been successful in presenting improved security as a reason for getting a lower interchange rate,” said James Hervey, global product marketing manager for Radiant Systems’ Global Petroleum and Convenience Retail Division. “However, that doesn’t mean that retailers can’t negotiate better rates with their acquirers.”
As all c-store owners already know,the interchange fees charged by card companies to the acquirer companies who up the lion’s share of the credit transaction costs that merchants bear. But whatsome don’t understand—and what mostacquirers don’t tell them—is that interchange rates are largely driven by thetype of card a customer uses. For example,affinity cards that provide rewards, such as flyer miles to cardholders, are charged a higher interchange rate simply because card companies pay for those rewards.
Most c-store transactions non-standard
Up to 70% of credit card transactions at c-stores are probably processed at a higher rate than the standard interchange fees set by the four major U.S. card issuers,according to Sanford Brown, chief sales officer for Heartland Payment Systems Inc.However, Brown pointed out that whilemerchants can’t discriminate in the kinds of cards they accept, knowing which cardscarry what costs provides more powerto negotiate lower rates with the acquirers who determine the final processing fee costs.
“Many processors will increase processing fees and their gross margins by levying a surcharge, often as high as 1% or more, in addition to the increased interchange on the transaction,”Brown said. “Because the process is complicated, few merchants have the time to understand that they couldnegotiate a better price with their cardprocessors.”
As evidence, Brown cited the class action lawsuit filed against Visa and Master Card several years ago for charging acquirers the same interchange rate for debit card transactions as for credit card transactions. The outcome was a court order that directed Visa and MasterCardto lower the interchange fees they chargeacquirers for debit card transactions andrebate $3 billion in past overcharges toacquirers. Though all acquirers passedthese savings on to their large retailer clients, only Heartland Payment Systemsautomatically issued refunds to its smallbusiness customers as well. The same settlement allowed merchants to choose whether they wanted to accept only debit cards, only credit cards or both.
Most acquirers continue to keep there tail price the same and put extra money in their own pockets, which leads Brown to stress that the most important step c-store owners can take to reduce card fees is insisting that processors disclose both the interchange rates they charge for the transactions and the margins they expect to earn. If those margins are the same for credit and debit card transactions—or if the processing agreement contains unexplained or unnecessary incidental fees—merchants should find a processor willing to pass along savings realized on interchange rates instead of pocketing them.
U.S. fees are world’s highest
Even though improving point-of-sale(POS) processing security won’t get you a lower processing rate, card companies do provide safe harbor protection from fines for merchants whose data security precautions meet the Payment Card Industry Data Security Standard (PCI DSS), the comprehensive set of requirements for enhancing payment account data security for businesses that accept credit card transactions set by the card industry.
Still, Mike Newman, president of NOCO Express, noted that U.S. merchants continue to pay the highest credit card processing fees in the world. “There’s no economy of scale for the U.S.; all consumers are paying it,” Newman said. “Five years ago, we were paying around $280,000 a year in interchange fees, andthis year we’ll exceed $2 million. It certainly has hurt our bottom line and ourability to continue growing.”
And as if high fees weren’t bad enough, Newman said that becoming PCI-compliant demands more time, money energy than many retailers can afford. “Personally, I think this PCI thing came from credit card companies’ unwillingness to deal with security flaws in their own data storage systems,” Newman said. “Card companies went headlong into electronic POS before they realized that system they had constructed had flaws, then require the retailers to fix it.”
Scott Hartman, president of Rutter’s Farm Stores, agreed that PCI compliance is a big issue for the c-store industry, the complexity of which depends on the size of the retailer. However, he said, many retailers missed a key PCI compliance deadline last spring and another one looms in December.
Though all card companies want merchants to meet the PCI standards, each has developed its own program for implementing and enforcing PCI compliance. Links to these and more compliance issues are available at www.pcicomplianceguide.org.
Hervey points out that all of these programs are methods for enforcing the same security standards, so when a POS has met the PCI standards, it should automatically be compliant under the enforcement programs written by each card provider.
Push cash alternatives and zipcodes
Reducing the amount of credit card fraud is the other major way that c-stores can lower their credit costs. JimSmith, president of the Florida Petroleum Marketers and Convenience Store Association (FPMA), said fraudulent card costs ultimately come out of merchants’ pockets because card companies bounce charges back to retailers, with whom they say the responsibility for verifying card ownership resides.
“I was a retailer for 22 years, operating 44 convenience stores,” Smith said, “and not once did I ever have an oil company absorb fraudulent credit card charge. “Pay-at-the-pump, where no employee is present to ask for identification, has created a fraud potential unique to gasoline retailers, which is why so many c-stores are programming their pumps to require purchasers enter their zip codes in order to complete gas purchases.
“The more prevalent zip code security becomes, the more of a positive impact it will have in our industry,” Smith said, adding that Petroleum Marketers Association of America (PMAA) is working to forge an alliance with an acquirer to reduce members’ processing costs. “There’s no way to know if this will bear fruit, but we can’t afford to stop trying,” he says. Another cost saving measure Smith advocates is offering customers a discount for paying cash for their gas instead of using their credit cards.
Some retailers may be hesitant to gather zip code data, said Mary Vinson, director of operations for Donnini Enterprises. Several of her company’s dealer operators initially refused to install zip code prompting for fear that customers would find the added step inconvenient and begin buying their gasoline elsewhere. “They really got hit with this last round of credit card fraud in Florida,” Vinson said. “Zip code prompting isn’t a complete solution, but it definitely helps.”
Two initiatives, same goal
Two initiatives that help educate merchants about the processing fee alternatives they have are Heartland Payments System’s www.merchantbillofrights.com and the NACS supported Merchants Payments Coalition described at www.unfaircreditcardfees.com.
NACS Director of Communications Jeff Lenard highlighted the recent Congressional hearings on interchange fees as evidence that simply trying to get the credit card companies to reveal how they determine fees is challenging.
Card companies are quick to point out that credit cards are one of the greatest innovations of the 20th century. “They’re absolutely right,” Lenard said. “But this is the 21st century and the only innovations we’re seeing are new ways to defend high interchange rates.”
As Jim Smith so succinctly put it, “When you’re the 800-pound gorilla, you don’t have to explain anything to anyone. You can just sit there eating bananas and growl at people who walk by.”
Unfortunately, point-of-sale (POS) terminals have emerged as a weak link in the data security chain, according to Avivah Litan, vice president and research analyst for Gartner Inc., a technology research firm based in Stamford, Conn.
Many retailers are unaware that their POS systems collect enough data to create a replica card, Litan said, and though hacks into the customer data files of banks and big companies receive most press coverage, the greatest number of data thefts actually occur at small businesses.
Litan advised that small chain operators and single storeowners—who now make up more than 60% of the convenience store channel—outsource payment processing and obtain the software and terminal from their payment processors, making certain that their contracts with processors clearly state that any breach in software is the service provider’s sole responsibility.
James Hervey, global product marketing manager for Radiant Systems Global Petroleum and Convenience Retail Division, said the best protection is adhering strictly to the PCI Council’s Payment Applications Best Practices guidelines (PABP) for POS card transactions.
Hervey also strongly advocated performing security background checks on every employee to enhance POS security, and switching to self-swipe card readers so that clerks can’t steal data when customers aren’t watching. “Most of the time fraud isn’t caused by a gang hacking into a database, but by an employee using a skimmer,” he said.