Bill McKiernan founded a credit card payment gateway company back in 1994 when the idea of an online"purchase" button was fresh. Fast-forward to 2009 and his firm, Cybersource, is a publicly-traded (NASDAQ: CYBS) credit-card-processing colossus. It functions as the payment gateway for these businesses as Avis car rental, Facebook and Fandango, one of thousands of other prominent companies.
In November 2007, Cybersource acquired Authorize.Net, another early-day payment gateway company. Authorize.Net focuses on smaller online businesses and had grown to over 200,000 merchant clients at the time of their acquisition.
Combined, Cybersource posted earnings of over $229 million in 2008 and listed over 1.5 billion distinct transactions. McKiernan, a Harvard MBA graduate, has seen firsthand the growth of online companies and we talked with him concerning the condition of ecommerce in early 2009.
PeC: How are ecommerce sales holding up in the recession?
McKiernan:"Broad, secular trends are profiting ecommerce companies currently. The recession has generated more bargain-conscious consumers that are looking for better prices from online merchants versus, say, what they get in the mall. We are also seeing more people supplementing their income with market online start-ups, which are creating more goods for internet consumers to pick from. And bigger merchants are recognizing that it's more cost effective to sell online than at a physical location. In summary, we are seeing more stores online, more goods online and more customers shopping for them "
PeC: So, earnings are increasing for Cybersource, even during the recession?
McKiernan: "Yes. Same store sales grew for us radically in 2008 and we signed up over 106,000 new merchants during the year. In the 4th quarter of 2008, we also saw a sharp rise in gross transaction volume and at the dollar amount per transaction."
PeC: Changing the subject, we are hearing from smaller merchants who say they're being billed for onerous PCI compliance fees once the dollar volume of the business doesn't justify complete PCI compliance. Are various merchant account suppliers taking advantage of smaller merchants with unfair PCI compliance charges?
McKiernan:"Obviously. And, several of these identical merchant account providers are also benefiting from higher transaction fees, statement fees etc. Merchants will need to use care in their selection of merchant account providers. Many providers, including my company, place great value on longterm client relations where we act as trusted advisors. Businesses that overcharge and exploit their clients will unfortunately always be around."
Questionable PCI Compliance Fees?
PeC: Does the PCI Security Standards Council dictate uniform charges that merchant account providers can bill online merchants?
Erlin: No, the charges are determined by the merchant account providers themselves.
PeC: If a small business merchant doesn't qualify for full PCI compliance, as a result of reduced dollar volume, but is still being charged, what should they do?
Erlin: no matter their size, each merchant should know upfront what the fees will be before they get a statement. In a perfect world, you may get a merchant account provider who's dedicated towards smaller merchants that aren't subject to PCI, but I do not know of any merchant account providers who focus on that. The best advice is really to shop around and look at other merchant account providers.
PeC: Have you seen account fees which should concern an ecommerce merchant?
Erlin: I have not seen specific fees which are about me, but I hope that there'll be some variability in these charges as the suppliers figure out what they can charge and what merchants are prepared to pay.
PeC: If a merchant is using a hosted shopping cart provider that's PCI compliant, should the merchant nevertheless be evaluated compliance charges out of his merchant account provider?
Erlin: All merchant account providers need to be PCI compliant, and they have every right to pass along those charges to their clients. For many merchants, using a hosted shopping cart which avoids the merchant account provider and uses the payment gateway service may be a better choice, but you can not necessarily prevent the PCI compliance fees from the merchant account supplier simply because you've got a hosted shopping cart.
PeC: Your company, nCircle, is an approved PCI scanning vendor. Just what does that mean?
Erlin: Meaning that we are approved by the PCI Security Standards Council to supply external vulnerability scans, on a quarterly basis, according to the PCI requirements.
PeC: Is it valid for a merchant account provider to bill the merchant for PCI fees if they are using the services of an approved scanning vendor?
Erlin: Unfortunately for the merchant, it is probably expected. The best advice I can give to merchants concerning lowering your exposure to PCI compliance is to avoid as much as possible having possession or saving or transferring/transacting the credit card information . Pass the information directly to the payment gateway or a merchant account provider and don't store it anywhere on your systems. Then you decrease the need to worry about PCI compliance.
PeC: Do you have any more information for our readers about PCI compliance?
Erlin: PCI compliance is perplexing for almost everybody. If you are having a conversation with your merchant account provider, your lender, your payment gateway, or your hosted credit card supplier and you don't know something about PCI, do not be afraid to ask.
See also:
/pos-review-connectpos-vs-toast-pos/
/pos-review-connectpos-vs-magestore-pos/
offline-mode-in-pos-does-it-matter-to-your-business/
/5-pos-systems-support-offline-mode/
pos-review-connectpos-vs-vend-pos/
Comments
Post a Comment