Between July 2008 and July 2009, the use of mobile devices to shop the internet increased 34%, according to a report released in October 2009 by The Nielson Co. It went from 42.5 million to 56.9 million. The greatest increase of phone users accessing the web came from 13-17 year olds and people 65 and older.

These numbers are predicted to grow as bandwidth and phone speeds increase. E-commerce and mobile payment applications are becoming more popular as this happens.

Ups and Downs

The expansion of mobile internet use makes it a prime opportunity for ISO’s and MLSs to create new streams of revenue with mobile payments. There is a huge potential for using phones as credit card terminals, although there would be some downfalls.

The phones out there right now are getting smarter and smarter. You can do almost anything with them. But the credit card processing industry is mostly dominated by banks, and there are very few mobile carriers out there. For mobile payments to become a reality, carriers need a profit motive in order for them to jump on the idea.

Web surfing on a phone is one thing, but making a credit card transaction on one is another. There would have to be a specific mobile processing platform. Who is going to give?

Monetary Gain and Economy

There has to be an implementation of a payment network that gives phone carriers a value based incentive to participate in mobile payments. To make mobile e-commerce as popular as regular e-commerce require a secure network that will simplify checkout.

MLSs should also be compensated to distribute and market mobile payment products. The technology is available, but a way to make it cost effective is not.

There are three pieces that currently consume the discount rate the merchant is charged. The card issuer, the merchant acquirers, and agents, all receive a part of the merchants’ fee. Why would a phone company want to put a chip in their phones to do mobile processing if they aren’t going to profit from it? Carries will need a source of revenue in order to implement the chips needed for mobile card processing.

There are many obstacles that lie ahead of the acceptance of mobile payments. The drive to change is difficult, but it will happen.

When Visa speaks, the industry listens. As a necessary add on to PCI DSS, Visa says that all merchants who accept cards electronically consider upgrading their networks to have data-field technology installed.

Visa has written a paper that makes five important recommendations to merchants.

1. Protect devices that are cryptographic against software and firmware compromises.
2. Given a merchants geographical location, use key management that is consistent with security standards.
3. Use cryptographic algorithms that are consistent with security standards based on geographical locations.
4. Limit clear text (unencrypted) to “point of encryption and point of decryption.”
5. In lieu of the complete card number, use an alternate transaction identifier for business practices.

The Senior Business Leader of Visa’s Risk Department, Eduardo Perez, believes merchants are currently looking for guidance in what should be done to protect card data.

He says, “…the intent of these best practices is to provide a foundation, or a primer, for merchants considering these solutions on how to implement them and then how to evaluate them… So the goal here is to support merchants and ultimately to effectively deploy the use of encryption solutions within their payment card environment.”

Data Field Encryption

End-to-end encryption is another name for data-field encryption. Many in the industry feel that it is necessary in order to safeguard data. Data that is encrypted cannot be decryption without the correct key.

When the card is swiped, end-to-end encryption begins. The encrypted data is taken from the merchants’ private network, and then goes through the public network to the acquirers system. That is where the information is decrypted in order to process.

Not Mandated

The guidelines of Visa do not mandate merchants to have end-to-end technology, or to have providers that use end-to-end technology. But it is an important way to protect cardholder data.

PCI DSS strives to have complete data security, which includes data at rest (stored) and data in motion (transmitted). End-to-end encryption focuses mainly on data as it is transmitted, or is in motion.

Data that is in motion is attacked by malware, which is malicious software that finds cardholder data and transmits if back to people committing fraud.

Along with PCI DSS, Data-field encryption can help keep the data of your cardholders safe.

Public Vs. Private

Tim Cranny, the Chief Executive Officer of Panoptic Security Incorporated, says that the most current version of PCI DSS is mainly focused on the security of stored data and data transmitted publicly, not the security of private networks.

The best approach to security is a layered one, according to Bob Russo, the GM of the PCI Security Standards Council, also known as PCI SSC. He says, “Which specific technologies an organization chooses to implement to meet the requirements of DSS is discretionary. Organizations seeking to deploy security technologies must recognize that secure implementation is as important as the decision to implement itself.”

He goes on to say that PCI SSC is in the feedback process. They want opinions on how the PCI DSS will evolve.

Invoices for your merchant services can be very cryptic and puzzling. Understanding your monthly processing statements gets harder by the second, as credit card processing companies become invoicing masters. Here, I will help you understand what is on your bill.

Basics of Your Statement

Rates and transactions fees will be on most monthly statements. Your rate is called the “discount rate,” even though it is a fee.

Dues, Fees, Mark-Ups, Assessments, and network charges make up the discount rate that you are required to pay for accepting cards. When merchants use networks like Visa and MasterCard, an interchange fee is charged. This is a fee that the merchants’ bank pays the customers bank.

Depending on card type, interchange fees vary. Fees also vary depending on how the card was accepted and sometimes even transactions amounts. There are hundreds of different interchange fees that can be charged, and they are usually around 1 to 3 percent of the transaction.

Various Pricing Structures

First, there is FLAT RATE PRICING. A flat rate is charged for all transactions, no matter how small or large the sale is. If you are set up this way, your processor is hoping that most of your transactions will clear at the lower interchange rate, rather than the up-charged rate that they are giving you. Statements are easy to read and understand, but you are paying more in the long run.

Secondly, there is TIERED PRICING. Most merchants find interchange pricing confusing, so some companies have divided transactions into tiers. Most companies use three tiers: Qualified, Mid-Qualified, and Non-Qualified. The processor makes a minimal amount in fees over the interchange cost. The statement is pretty easy to read, and the pricing is significantly better than flat rate pricing.

Thirdly, there is INTERCHANGE PLUS PRICING. The true cost or processing a credit card is interchange. Some processors offer interchange+ pricing as an option. The “+” is the fee that your processor charges on top of the interchange charge no matter what interchange level it qualifies under. This structure is the most difficult to understand, and is usually used by larger clients.

Lastly, there is BILLBACK PRICING. Processors that want to offer the customer the lowest rates possible, but do not want to pay for the higher interchange levels use this structure. A low rate is offered to the customer, but all interchange prices are added for and cards that clear at higher interchange level. Statements are hard to understand, and it is the most costly.

Processing Fees

Most processing statements have a transaction fee section. For each transaction that is processed, a transaction fee is charged along with the discount rate. Sometimes, authorization fees take the place of transaction fees. This does not work in your favor, as you are charged whether or not the card goes through. There may also be batch fees, set-up fees, yearly fees, etc. in this section of the statement.

Processing Solution

Simple math and a second opinion can help you defeat a confusing statement. Try taking your total sales, and dividing it by your total service fees. If your rate seems too high, ask your processor for a reason. If your processor doesn’t take time to explain it to you, have another company perform a statement analysis for you. They will give you a comparison and an honest breakdown of your current fees. It’s always good to know if a better option is available!