iTransact Presents
iTransact Presents
Payment Processing considerations to comply with IRS and
PCI-DSS regulations and policies
Payment Processing considerations to comply with IRS and
PCI-DSS regulations and policies
Learning Objectives
At the end of this course you will be able to: • Prepare for IRS 6050w and 1099-k
• Help Your Understand the Important of credit card security standards (PCI-DSS) • Apply the Durbin Amendment to the Dodd-Frank Act to clients accepting credit cards
U d t di th b fit d id ti f ti dit d • Understanding the benefits and considerations of accepting credit cards
T
ABLE OF
C
ONTENTS
Industry Overview
IRS 6050w and 1099-K
Payment Card Industry Standards
Durbin Amendment
The Benefits and Considerations of
Accepting Credit Cards
All content and images in this presentation Cop right © 2011 The iTransact Gro p LLC All content and images in this presentation: Copyright © 2011 The iTransact Group LLC. All trademarks, service marks, and trade names are the property of their respective owners.
Payment card processing is a $3 trillion industry, expected to reach $4.2 trillion by 2012.
Two sides to Merchant Card Processing:
Two sides to Merchant Card Processing:
The Issuing Side and the Acquiring Side
The Issuing Side: Banks, Credit Unions, Airlines, etc
issue a credit card to a consumer.
The Issuer has aBank that backs the card holder for purchases Bank that backs the card holder for purchases
The Acquiring Side: The Consumer uses the card
with a Merchant and the Merchant receives credit
with a Merchant and the Merchant receives credit
card as payment. The Acquiring bank issues
merchant accounts for the retail establishment and
pays the merchant the funds from the consumer’s
pays the merchant the funds from the consumer s
purchase before actually receiving them from the
Issuer.
$1.80 Interchange Fees $0.80 Processing Fees $97.40 Merchant Deposit Interchange Fees (paid to Issuer) Processing Fees (paid to Acquirer) Merchant Deposit
Fees a Business Owner pays
Interchange –•Paid by the Visa/Mastercard/Discover card Acquiring Bank Member •Paid to the Credit Card issuer (Citi Bank, Capitol One, et al)
•Every Acquirer who sells merchant accounts has to pay the same interchange. Bigger companies donʼt get a “price break.”
•The cost of each interchange category varies based on card type and acceptance
method. The more it costs the Card Issuer to pay for the card, the higher the interchange rate.
•For example, a rewards card has a higher interchange rate than a regular credit card (someone has to pay for the air miles), which has a higher interchange rate than a debit card (low risk – the money is taken right from the card holders checking account) etc. Processing Fees – The fees paid by the merchant in addition to Interchange. Some Acquirers label these as “Discount fees” and include all fees paid, including Interchange and any additional markup.
Types of Acquirers
•Most Acquirers sell merchant accounts directly to business owners
via sales agents or a separate sales company (called an ISO or
Independent Sales Office). Examples: Banks, Credit Unions, First
p
)
p
,
,
Data, iTransact, Elavon, Heartland, RBS World Pay, NPC
•Some Acquirers operate under a
“Third Party” model, meaning
that instead of offering a traditional Merchant Account to the
business owner, the Acquirer owns the Merchant Account and the
business owners allow the Acquirer to process credit cards in their
b h lf Whil
i
thi d
t i
ll l
i
t
t
behalf. While using a third party is generally less expensive to get
started, it often comes with restrictions on how the merchant
account can be used and accessed, as well as higher fees.
Examples: Pay Pal
Processing Methods: Card Present
There are essentially two ways to accept credit cards, Card Present
and Card Not Present
Card Present: The customer and merchant do business
face-to-face, the card is present at the time of sale and swiped on a credit
card terminal. Authorization is immediate and a signature is
obtained (or pin number entered in the case of a pin debit
transaction).
Card Present transactions are significantly less expensive (by
about .5% on average) but require equipment that read the
magnetic stripe on a credit card and can transmit and receive data
live in order to get authorization Transmission can happen over
live in order to get authorization. Transmission can happen over
the cell phone networks, over an analog phone line, or with an
internet connection. The cost of this equipment can vary widely.
Processing Methods: Card Not Present
Card Not Present: The credit card information is processed online via the merchantʼs website or keyed into a credit card or virtual terminal (where the merchant s website or keyed into a credit card or virtual terminal (where the card information was obtained by mail or over the phone). A signature is not obtained or the authorization is not live.
While generally more expensive (due to higher likelihood of fraud), the Card Not Present method is necessary for merchants who need to accept
transactions online, over the phone, or by mail. It is also an attractive alternative for merchants who need mobility but would rather not pay the alternative for merchants who need mobility but would rather not pay the
generally more expensive “set up” costs of getting a mobile credit card terminal (and instead would rather enter credit card data into their terminal over the
Processing Methods: Equipment/Software Pricing
g
q p
g
•Smart Phone: for small or mobile merchants, most Merchant Service Providers (Acquirers) now sell applications and paraphernalia allowing a merchant to process transactions with a smart phone. Merchants can expect to pay $100-$300 for set up p p p y $ $ p fees and equipment purchase (card reader, printer), $10-$30 for a monthly fee, and an additional $.05 $.15 per transaction.•Phone Line/Internet Terminals or Point of Sale devices: Still the standard in the industry, a merchant can expect to pay $300 - $1000+ for a stand alone terminal, depending on the complexity of the device. Lease options are also common,
ranging anywhere from $30 to $100 a month for 3 or 4 years. Beware of Merchant Service Providers offering g “free” terminals as those generally come with higher g y g rates, hidden and annual fees, and steep cancellation penalties.
•Mobile Terminals: for larger mobile merchants, terminals exist that have an
integrated card reader and printer, that transmit and receive data over the cell phone g p , p networks. These generally range from $600-$1000 or $60-$100 a month.
•Internet Gateway/Virtual terminal: for Merchants who want to allow customers to purchase from them off their website and/or who want to key transactions into an
p y
online “Virtual” terminal. Merchants can expect to pay a setup fee from $100-$300, a monthly fee of $15-$25, and an additional $.05 to $.15 per transaction.
Overview
• Because the IRS suspects that many merchants do not fully report their credit card processing revenue on August 16 2010 report their credit card processing revenue, on August 16, 2010, the IRS implemented tax code Section 6050W and related
statutory changes enacted by the Housing Assistance Tax Act of 2008 (Pub. L. No. 110-289) that require Merchant Acquirers to
t t i ttl t f dit d t ti f
report payments in settlement of credit card transactions for each calendar year.
• Reporting entities will be required to file an annual information p g q return with the IRS and provide each merchant with a
corresponding Form 1099-K, reporting monthly and annual gross sales.
Payment Card Industry Data Security Standard
From Wikipedia:
The Payment Card Industry Data Security Standard (PCI DSS) is a The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council [with representatives from Visa, Mastercard, Discover, and American Express]. The
standard was created to help payment card industry organizations that process card payments prevent credit card fraud through
increased controls around data and its exposure to compromise. The standard applies to all organizations that hold process or The standard applies to all organizations that hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands.
Who must comply with PCI DSS?
All major card brands (Visa, MC, Discover, and American Express) have Mandated that anyone who handles credit card data, including the smallest Business owner accepting credit cards, must comply with PCI DSS. That said,p g , p y , The card brands do not currently enforce compliance, but if there is a breach, fines of tens of thousands of dollars could be leveled at the Merchant.
How does one comply with PCI DSS?
For most merchants, compliance is simply a matter of adhering to the guidelines found on the PCI website:
M
t M
h
t ?
Most Merchants?
The card brands categorize merchants based on the amount of credit card transactions the merchant processes annually:
transactions the merchant processes annually:
•Level 1: Merchants who process in excess of 6 million transactions of any card brand annually
•Level 2: Merchants who process between 1 million and 6 million transactions of any card brand annually
•Level 3: Merchants who process between 20,000 and 1 million transactions of any card brand annually
•Level 4: All other merchants
As most merchants do fewer than 20,000 transactions of any card brand Annually, most merchants are considered level 4. Merchants of level Annually, most merchants are considered level 4. Merchants of level 1 – 3 have additional requirements that may include an onsite 3rd party
Compliance vs. Validation
• Currently, level 4 merchants are not required by the card brands to validate that they are PCI compliant (though most experts suspect that that will change one day)
experts suspect that that will change one day).
• Most Merchant Service Providers do encourage merchants to validate compliance nonetheless, for the merchantsʼ sake as well as for the sake of the Provider, who could be fined by the card brands in case of a merchant breach. Many Providers have begun leveling additional “non-compliance” fees to
merchants who fail to validate as a way to encourage them to merchants who fail to validate as a way to encourage them to do so (usually $15-$30 a month).
• This typically equates to a Provider having a PCI program, ff
complete with staff to help merchants validate compliance by filling out a Self-Assessment Questionnaire and, if the
merchant is processing via an internet connection, to have a network system scan. Industry standard for this service is network system scan. Industry standard for this service is $100 to $200 annually, sometimes broken down monthly.
Overview
On July 21, 2010, President Obama signed into law the Dodd-Frank Wall Street Reform and Consumer Protection Act (Pub.L. 111-203, H.R. 4173). An amendment to that bill proposed by Senator Dick Durbin will force the Federal Reserve to review and lower interchange for debit card transactions. This means that after July 21, 2011 (the Fedʼs deadline), the cost to a Merchant Service Provider for debit transactions will likely decline dramatically
Service Provider for debit transactions will likely decline dramatically. However, this does not necessarily guarantee that the lower cost will be
Passed down from the Provider to the merchant.
Th ld i ll h l li i ifi f
Thus, you could potentially help your clients save a significant amount of money On their merchant processing fees by having them ask their Merchant
Service Provider if they are benefitting from the lower interchange cost on Debit transactions due to the Durbin Amendment, once the new pricing Debit transactions due to the Durbin Amendment, once the new pricing Goes into effect (see next slide).
Be Aware of the Final Pricing
It is currently not known exactly how much the cost of a debit transaction
Will be lowered to. The Fedʼs current proposal is to lower cost to a cap of 12 C t t ti b t th t i b i d b t d d th J l 21 2011
Cents per transaction, but that is being debated and the July 21, 2011 Deadline could actually be extended by two years, pending a bill currently Being debated in the Senate.
Once the new pricing goes into effect, it is unclear if the Card Brands and Associated banks will take action to compensate for their lost revenue. Most experts agree that they will, and that it will likely come in the form of Additional and/or hidden fees and caps on the dollar amount of a debit card Additional and/or hidden fees, and caps on the dollar amount of a debit card Transaction.
The Last Word –
Benefits and Considerations to a Business
Greater Cash Flow and Savings
Get paid before the customer walks out the door or leaves the Get paid before the customer walks out the door or leaves the
website.
Avoid cost associated with collection of accounts receivables.
Studies show that accepting credit cards increase revenue in two ways:
Dollar spent per customer increases – if a business only takes cash, the
customer can only spend what they have in their wallet
Number of customers increases – if a business does not accept credit
cards customers will often take their business elsewhere cards, customers will often take their business elsewhere
Accommodate customer’s payment needs
We are becoming a cashless society. Many people no longer
carry check books or cash and use debit and credit cards as y their primary means of paying for goods and services.
Using debit and credit cards is often preferred by customers
who are looking for an alternative payment method. Set up recurring charges for customers
About iTransact
• Specializing in payment p g p y processing for 16 years • Powered by the largest
processors on the planet,
p p ,
servicing millions
• End-to-end solutions for retail, Internet, and mobile , , merchants
• Credit, debit, gift cards, e-checks
To learn more about adding merchant processing to a CPA firm or helping any business save money on their merchant fees, Contact Ashleigh Parker at iTransact , 1-801-298-1212 xt 8386 or
