A merchant account is a special bank account that enables your business to accept payments by credit card. Merchant accounts can be obtained through a bank, credit card company, or other payment processor. Any merchant who wants to take credit card orders must establish a merchant account.
A virtual terminal allows you to manually process credit card transactions from any computer with an Internet connection. You simply log-in to a secure website with a username and password and you are able to charge cards, perform authorizations and view transaction and client information through complete online reporting.
Your Direct Pay virtual terminal is hosted by Authorize.Net servers. Once you are set up with a merchant account, you have access to this secure payment processing “dashboard.”
A payment gateway is basically the same as a physical point of sale terminal in a retail store. Their function is to link the virtual terminal (the “buy” page of your website) to the merchant account and credit card organization securely.
Payment gateways authenticate transactions by sending and receiving the account/customer information using a secure socket layer (SSL). Payment gateways protect the credit card data and any other personal information from exposure to fraud.
The major participants in the credit card transaction and settlement process are:
Virtual Terminal- The system that enables your customer’s to “buy now” and enter credit card information on your website. The virtual terminal also maintains detailed reports of your transactions and customer information and notifies the customer when their transaction has been approved.
Payment Gateway (Authorize.Net) – A bridge between your company and the financial entities that handle processing and settlement
Merchant Bank Account – A business bank account that allows you to receive settlement of funds for credit card transactions
Acquiring Bank- The bank that holds your merchant account. If you sign up for the Authorize.Net payment gateway through a reseller or other sales organization, you may not have a direct relationship with your acquiring bank.
Credit Card Issuer- The financial institution or bank that issued the credit card to your customer
Credit Card Interchange System – System established by credit card associations that allows acquiring banks to submit requests for funds to the customer’s issuing bank on your behalf.
The following steps detail a credit card transaction:
1.) Your customer chooses a product to purchase on your website, enters their personal and account information and submits their request to purchase. Your virtual terminal immediately sends this request to the Authorize.Net payment gateway.
2.) Authorize.Net automatically passes the transaction over a secure connection to the Processor/ Credit Card Interchange System.
3.) The CCIS routes the transaction to the appropriate credit card issuer to verify the transaction.
4.) The Credit Card Issuer approves or declines the transaction based on availability of funds and passes both the results and, if approved, the funds back over the CCIS/Processor.
5.) The transaction results are then relayed to the Authorize.Net payment gateway for secure transmission.
6.) Authorize.Net stores the transactions results and sends the information back to the customer and the merchant.
7.) The CCIS passes the appropriate funds for the transaction to the acquiring ban.
8.) The acquiring bank passes the funds directly into your merchant account.
Some business owners open a merchant account as soon as they start their business since credit card acceptance makes it possible for a larger target audience—globally through the Internet—to purchase their products and services. It also projects a more established, professional image of a business. Others prefer to wait until they have a few paying clients before beginning to accept credit cards. The choice is ultimately yours. We recommend opening a merchant account once you are regularly accepting customer payments totaling $1000 per month or more.
All you need is a computer with an Internet connection to access your virtual terminal. If you accept credit cards in-person at your place of business or at events, you may also purchase a printer or terminal from us, but it is not required.
You will be able to accept Visa® and MasterCard®. If you fill out the additional application, you can also accept American Express® and Discover® for a small fee. Debit cards can also be used if they have the Visa® or MasterCard® logo.
We currently offer merchant accounts for U.S. and Canadian residents only.
Yes. There is a nominal foreign currency surcharge added by the processing bank to complete these transactions. The funds will be converted to your local currency at the currently applicable conversion rate. If you choose our Multi-Currency feature, you can also set prices in foreign currencies for your clients' convenience.
In most cases, yes. View our list of merchants requiring pre-approval for U.S. accounts and Canadian accounts. If your product or service doesn’t appear on this list, you are qualified to apply for a merchant account. If you do offer one of the products or services listed, please contact us for pre-approval before applying online.
Possibly. Direct Pay has one of the highest approval rates in the industry. As long as you are not in active bankruptcy, you may be able to qualify for a merchant account. If your application is declined for any reason, we will refund your set-up fee. An application co-signer may be needed in certain situations.
To sign up, you will need:
Once we receive your application, your account will reviewed and, if approved, activated for Visa® and MasterCard® within 3-4 business days. If you choose to also process American Express® and/or Discover® credit cards, your account will be activated for these transactions within 5-7 business days.
The processed amount--minus any applicable processing fee-- is credited to your bank account within 2-3 business days for Visa® and MasterCard® and 3-4 business days for American Express® and Discover®.
Our payment gateway partner, Authorize.Net uses Secure Sockets Layer (SSL) technology to encrypt sensitive personal information, including credit card numbers. Over 140,000 merchants nationwide use this secure platform daily. If you accept payments online, you can also opt to increase transaction security by adding Authorize.Net’s Fraud Detection Suite which DP provides with no set-up fee and no cost.
This rate is for merchants who can physically swipe customer credit cards through a terminal for more than 90% of their transactions. With our service, no physical terminal is required as you process transactions through your virtual terminal and shopping cart. Many of the professionals with whom we do business accept credit cards from their clients exclusively over the phone or online. Others, who see their clients in-person, enjoy the convenience of not requiring a credit card to be physically present at the time of service. This enables you to process recurring payments based on a one-time authorization from your client.
Free technical support is available for merchant accounts- in some cases 24 hours a day. Contact Us. You can get personal assistance by phone, email or live chat or visit our online Support Center.
There are two main ways to collect credit card payments online. You can get a merchant account for your business, or you can process transactions through a third party merchant account. Having your own merchant account gives you great flexibility and benefits. For starters, your customers will not be required to sign up for an account through a third party (like PayPal) to pay you for your products or services. Depending on the provider you choose, you can accept credit cards online, over the phone and in-person.
We offer you access to some of the lowest rates and fees for merchant account services in North America. Our web-based virtual terminal and processing systems utilize the most functional, easy-to-use and cost-effective payment processing solutions in the marketplace today.
We build our business based on referrals and education, rather than telemarketing, spam or other intrusive sales techniques. Our primary focus is on service; not sales.
The PCI (Payment Card Industry) compliance standards were created by major credit card issuers to protect sensitive information and ensure credit card transactions are secure. Any business or financial institution that wants to accept credit cards has to comply with these standards. Non-compliance can result in fines from credit card companies and banks and even the loss of the ability to process credit cards.
PCI applies to ALL organizations and merchants -- regardless of size or number of transactions -- who accept, transmit or store any cardholder data.
Yes. Using a third-party company (like Pay Pal) does not exclude a company from PCI compliance.
The quick and easy answer is to protect your business and your customers. Incidents of fraud -- on a small and large scale-- are on the rise as cyber criminals develop new ways to access and steal credit card information. The PCI DSS requirements may seem obvious, but the rewards of demonstrating your compliance are real. It's always best to stop security breaches before they happen and annual compliance with the standards is a great way to make sure you are (securely) tying up all loose ends.
It will help you protect the safety of your computer network and avoid certain liabilities in the event information is illegally accessed.
For a small business, even a small security breach can cost $25,000+ in fines and legal fees. PCI compliance is required AND protects you from potential vulnerabilities you may not be aware of.
Maintenance of a secure network
For online businesses, this means the security of cardholder data on your web server. Most web hosting companies take responsibility for the security of their networks. Your part as an online merchant involves keeping cardholder information safe. For example, if you are on a public network on your laptop, do you house customer information there? Do you have the appropriate firewalls in place to prevent fraudulent access to this information? You must take all necessary measures to ensure that sensitive personal and credit card information are stored in a secure location.
Cardholder Data Protection
Business owners that choose to store cardholder information have an obligation to ensure no one else is accessing it. Many companies choose to encrypt credit card data, so that even if someone did access it they could not use it.
This area also pertains to how to credit card information is transmitted. When a customer makes a purchase on your website, their personal information is sent across the Internet. Cardholder data must be encrypted with at least a 128 bit SSL certificate in order to meet this standard.
Vulnerability Management Program
You can minimize your chances of exposure to fraud by regularly updating the hardware and software on your computers and adding anti-virus software with regular virus scans.
Most security breaches are a result of human error. You must limit access to cardholder data to only those who need to use it. Also, giving a unique login/password to each user who can access sensitive information allows you to track any security breaches to their source.
Monitoring and Testing Networks
Regular scans of your computer and checking network access to cardholder data are required to satisfy this standard. There are several security testing and auditing services business owners use for this to help identify and eliminate potential risks. Contact DirectPay if you would like more information.
Information Security Policy
Lastly, you must draft and implement a company-wide information security policy to hold all team members accountable for any security breaches. Make sure that your employees know and understand their responsibilities with regards to cardholder data.
For more information: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
Because credit card companies may fine an acquiring bank anywhere from $5,000 to $100,000 per month for PCI Compliance violations, merchants who are not compliant will have to pay a monthly fee. The bank may also decide to terminate the relationship with you or increase your transaction fees.
If you are a DirectPay client, the fee for non-compliance is $35 per month until the requirements are met.
The process to become PCI Compliant involves determining merchant validation levels, building and maintaining a secure network and implementing strong access control measures. It differs somewhat for all businesses. More information on the process can be found here.
If you have a payment processor, chances are they have a ready-to-go secure gateway in place, so the process should be much less complicated.
If you are a DirectPay Client: DirectPay has set up a free PCI Compliance Program to assist you in meeting the requirements. You can access a Self-Assessment Questionnaire that, once submitted, will grant you compliant status. Just follow the process below:
1. Go to https://directpay.pcicompliance.ws/
2. Create a Login Username and Password.
3. Complete the Self-Assessment Questionnaire.
4. Submit – and you’re finished.
For more information on PCI Compliance, visit www.pcicomplianceguide.org.
© DIRECTPAY Inc. All Rights Reserved
DIRECTPAY is a registered ISO of Wells Fargo Bank, N.A., Concord, CA