Paying Gig Workers: A Brief Guide

The gig economy is upon us, and that’s great news for parking industry business owners. But how do you pay a gig worker, and how are they different from full-time employees? This article will give you an overview on what gig workers are, why you should use them, and how they are paid.

What is a Gig Worker?

A gig worker is someone who earns income beyond the traditional setting of long-term employment. They are often known as independent contractors, contingent employees, or in certain industries, freelancers. They often work for different companies at different times, but may have clients they work for on an ongoing basis.

Gig workers tend to be temporary hires typically brought on board to complete or contribute to a specific project. In other instances, instead of contributing a single project, they are brought on for a pre-set period of time. In today’s world, full-time jobs are becoming less common as short-term gigs and contract work takes over.

Why Are More People Choosing Gig Work?

Gig work, or “contingent work,” offers a high degree of flexibility, especially when contractors can work remotely. Gig workers have also been shown to have a higher overall level of job satisfaction than long term, full-time employees.

Being a contingent worker also gives you greater variety in terms of the companies you can develop relationships with. In some cases, these relationships can be nurtured for repeat work over a period of many years. Occasionally, they can also turn gig workers into permanent hires.

Why Are More Companies Hiring Gig Workers?

Gig workers are attractive to companies for a variety of reasons. First and foremost, gig workers are a great solution for projects that require extremely specialized talent that you won’t immediately need again.

For example, say you need to migrate your company’s website from the HTTP protocol to the more secure, modern HTTPS protocol. While your typical website upkeep can be done in-house, this sort of more specialized task might require outside help. That means it’s time to hire a gig-based web developer to help you make the upgrade. Once they’re done with the update, their services will no longer be needed.

Choosing a gig worker is inexpensive, since you won’t be expected to provide benefits such as health insurance coverage or a 401(k). Worker’s compensation and other insurance may still be required, but not in all cases. It depends on what kind of work you are hiring for.

Overall, the smart use of gig workers can reduce your overhead costs substantially.

How Do You Pay a Gig Worker?

Gig workers are usually paid by the task or project, though some are paid hourly. Today, more and more gig workers are asking to be paid up front, at least in part, for their services. This is due to the explosion of activity in the gig economy—with more and more independent contractors in the workforce, worker’s rights coalitions have sprung up throughout the country to encourage gig workers to demand more from employers.

Freelancers are taking more precautions to avoid ending up with clients that don’t pay them, and requesting partial upfront payment is one trend that reflects this.

Alongside the explosion in gig workers, there have been huge leaps forward in the digital payments industry. This means more and more contract workers seek to be paid digitally, whether in cryptocurrency, or their native currencies on digital platforms like PayPal. The days of mailing checks are quickly ending.

Oftentimes, paying a gig worker involves fees from middlemen like payment processors or costs associated with currency conversion. Any side costs need to be factored into the gig worker’s final payment. Make sure to research what these are before you agree on a price.

Also, when you hire contract workers for gig jobs, take note of the different tax ramifications. The required tax forms are different for different types of workers, and ignoring the issue could result in harsh penalties. Freelancers are often responsible for self-employment taxes and, as the hiring company, you may have to deal with different tax implications as well.

Final Thoughts

From minimum wage positions to high-paying freelance assignments, independent work and gig-based positions are more common than ever and can be very beneficial in the parking industry.

Gig workers offer many benefits to employers, but they come with different rules and considerations. Always make sure the terms of the project, payment guidelines, and other factors are clearly agreed-upon in writing before you start. A contract signed by both parties is a must, both to protect the rights of the freelancer, and to protect yourself as an employer.


Processing CBD Companies’ Payments

CBD products are taking the world by storm. However, CBD is a unique chemical that has a murky legal status, confusing customers and merchants alike. To make matters more complicated, there are lots of misconceptions about what CBD is and what it all means for payment processing and retail sales.

Here we’ll demystify CBD itself, and then tell you what you need to know about processing payments for merchants that sell CBD-based items like tinctures, gummies, vape pens, vape oil, and other CBD oil products.

What is CBD?

Short for Cannabidiol, CBD is a chemical compound extracted from the cannabis plant. When you ingest it, however, it doesn’t get you high. The cannabis high is caused by the ingestion of THC, which is an entirely different compound than CBD. Both THC and CBD work with the brain’s cannabinoid receptors, but to a very different effect.

Once CBD is extracted from cannabis, this naturally-occurring substance is then incorporated into products like oils, tinctures, edible snacks, baked goods, even creams and lotions with supposed anti-inflammatory effects.

It’s different from medicinal marijuana, because medicinal marijuana is just like the kind you buy on the street. That is, it alters your perception. CBD takes its effect without intoxicating you. Both CBD and THC are cannabinoids, which means they are chemicals taken from the hemp plant. However, there are different effects and legal implications regarding different cannabinoids. That’s where people start getting confused.

Even though it doesn’t get you high, consumers find that CBD seems effective for a variety of ailments. While limited scientific research means there’s still much to be learned, people use CBD for everything from chronic pain and post-traumatic stress disorder to multiple sclerosis and Alzheimer’s disease.

Processing CBD Industry Payments

Because of its association with marijuana, the CBD industry has faced challenges when it comes to accessing financial services. Banks, payment processors, merchant accounts, and other institutions have been hesitant to offer services to companies selling a product that still has a murky legal classification.

This provides potential opportunities for other companies to step in, however. This section will get into some of the complications with processing CBD industry payments, and some of the solutions CBD companies have figured out.

Hemp and Banking

Hemp and cannabis are often confused, and with good reason: there are strains of the cannabis sativa plant that can be grown without THC…that is, they don’t get you high. These plants fall into the category of industrial hemp.

Once hemp is harvested, there are hemp products called hemp oil and hempseed oil that can be made from it that are often sold legitimately. Sometimes, however, they are disguised as CBD oil, despite containing no CBD. They are sold as dietary supplement called “CBD Hemp Oil,” or under a similar name. But because the industry is still unregulated, product labels are often deceptive.

Regardless of where the plants end up, non-THC containing hemp plants are legal to grow. Since it isn’t a controlled substance, there shouldn’t be any legal issues associated with growing it and using it to make products like hemp oil. However, financial institutions are notoriously conservative and always err on the side of caution. Hemp is no different, and the fact that there’s still lots of confusion on the hemp vs. cannabis, THC vs. CBD question. Hence, the industry is facing lots of resistance when merchants try to find payment processing services.

There is another factor to the resistance, however. Since many CBD and hemp-based products make medical claims, the industry is considered high-risk. This is because of a lack of clinical trials or FDA approval for any claims that CBD can be used to treat disease. Without a stamp of approval from the FDA, the industry will remain high-risk. And as with all high-risk industries, it is harder to find financial partners. Once CBD companies do find a payment processor and bank, there are often higher fees associated with doing business.

Using Square for CBD Company Payments

Square is one payment processing and merchant services company that is taking the plunge, offering select CBD merchants an invite-only chance to beta test a payment processing solution for CBD sellers. It’s a huge opportunity for them that could come with pitfalls, but also the chance to fill a need and corner a rapidly-expanding market. The forward-thinking approach could pay off hugely for Square.

Final Thoughts

For a natural product with none of the inebriating effects of THC, CBD could hold great promise. As the CBD industry expands and matures, more legal clarification will develop regarding its status. There will likely also be more clinical trials showing whether or not CBD has health benefits like easing anxiety, reducing pain, and powerful anti-inflammatory properties. As a result, payment processors, banks, and other financial institutions will become more willing to offer services.

In the meantime, forward-thinking innovators like Square are getting a head start. CBD doesn’t look like it’s going away anytime soon, so the only question is, how long will it be until banks start treating it as a mainstream industry with a moderate risk profile?

No one knows for sure, but when they do, the industry will have an opportunity to expand faster than ever. And as more states legalize THC itself, there will be a whole new flood of cannabis products on the market with merchants in need of payment services. As the cannabis plant gains further acceptance, doing business in the industry will become easier and easier.

3D Secure: What is it, and how can it protect your business?

In the age of ecommerce, data security protocols are needed to protect merchants and their customers. Enter 3D Secure. 3D secure provides extra layers of authentication for each credit card and debit card transaction, making it harder for hackers and fraudsters to steal your customer’s identity. This article will explain what 3D data is, and how to use it to decrease fraud and reduce the chances of identity theft for your customers.

What is 3D Secure?

“3D” usually refers to three dimensional. However, the “3D” in 3D Secure means “three-domain structure.” This refers to three components involved with any 3D Secure credit or debit card transaction. These are called the Acquirer Domain, the Issuer Domain, and the Interoperability Domain:

  • Acquirer Domain:This domain refers to you (the merchant) and your bank
  • Issuer Domain:The issuer domain the bank that issued the customer’s payment card
  • Interoperability Domain:This domain is the payment system or credit card infrastructure that allows the payment to occur.

When customers make an online card not present transaction, 3D Secure protects data between all of the three domains. For online purchases, many major credit card brands are implementing their own version of 3D Secure for their customers. Visa has branded their service Verified by Visa, and Mastercard calls their version Mastercard SecureCode.

How 3D Secure Works

3D secure uses XML messaging, which is part of a computer programming language called Java. XML is essentially a secure way to move data from one software system to another. Essentially, once a customer enters their credit card data, the system looks at a directory server that contains a ledger of legitimate credit card customers. Once the customer is found, the server confirms to the 3D Secure system that the card is legitimate.

The customer is then prompted to enter a unique pin code. If the pin is correct, the transaction is sent to the acquiring bank to be authorized. Finally, the customer will receive a message confirming whether their payment was successfully processed.

Not all transactions on your website need to be 3D Secure enabled. You can reserve them only for certain transactions, such as those that are higher-risk or are above a certain dollar amount.

Pros and Cons of 3D Secure

3D Secure is fantastic for reducing fraud, but it does come with certain limitations. First off, not all credit cards participate in the program. Secondly, it doesn’t eliminate instances of credit card chargebacks. Chargebacks are caused by customers themselves, rather than hackers.

However, there is still a chargeback-related advantage to 3D Secure. Since it routes the payment differently, authenticating through the acquiring bank, as a merchant you are more protected from liability. Instead of you being liable for chargebacks, 3D Secure shifts the liability to your issuing bank.  In addition, certain companies like Visa (but not Mastercard) have additional chargeback protection, giving you extra peace of mind that excessive chargebacks won’t drag down your business.

Also, because security is improved, using 3D Secure can net you lower interchange fees. These fees are tacked onto every single transaction, so even a slightly lowered interchange rate will add up fast. Lastly, your customers will feel more secure if your site uses the latest and greatest security protocols. Having a high level of trust in your company and website will keep them coming back to buy again and again.

The only real potential pitfall of 3D Secure is that it adds an additional step for customers to complete before their transaction can be finished. This can cause a reduction in conversion rates if customers decide to leave before finishing the transaction. Many ecommerce buyers are used to “one-click ordering” and a fast transaction process, so be sure to clearly notify them early in the process that your site uses extra protection to keep them safe.

A very simple explanation of 3D Secure at the beginning of checkout does the trick, preparing customers by letting them know that there will be an extra step during the transaction, but that it adds security to protect their payment information. Make sure to include the Verified by Visa or Mastercard SecureCode logos, and linking to their homepages. This allows the customer to find additional information on the process, if desired.

Do I Need 3D Secure for My Business?

Not all businesses need 3D Secure, but whether or not to implement it is up to you. Ecommerce merchants who sell high-priced items or take large deposits may want to enable it for the extra security it offers.

Risks of 3D Secure

A reduced conversion rate is possible when any new step is added to the checkout process. For customers, phishing fraud is still a risk with 3D Secure. Phishing is when someone creates a fake web page that impersonates yours, getting customers to click on their fake website instead of your real one. Then, when they check out, whoever set up the scam website collects your credit card information and pin code as the customer enters it.

However, this type of fraud is not unique to 3D Secure. It is a common scheme to get around many types of online security. To avoid it, encourage customers to bookmark your site and only visit by opening the bookmarked page. Visa has also added a secret phrase that appears during checkout, showing the customer that the checkout page is genuine any time the secret phrase appears.

Final Thoughts

3D Secure is a great way to add an extra level of authentication to your online checkout process. However, it comes with potential pitfalls and limitations. The best way to determine if it’s right for you is to learn more about it, so talk to your credit card issuer with any questions you have about implementation.

Overall reductions in conversion might be offset by savings in fewer chargeback disputes and a lower interchange rate. After you try it, see what effect it has—sometimes the best way to know if something is right for your business is to test it out for a short period and look at the data to see if it was successful.

How to Stay Up To Date on Your Payment Solutions

Payments have come a long way from cash and cards. As a business owner, to accept payments in as wide a variety of forms as possible is just good customer service. That’s why it’s important to stay up to date on developments in the world of payment solutions. With this guide, we’ll tell you more about why it’s so important to stay up to date, and then give you some tips showing how it’s done.

Why is it Important to Stay Up to Date?

Staying up to date on payment methods is important because it helps you know your customers better. By knowing your customers, you can increase sales. One of the keys is that by staying up to date on payment methods your customers want to use, you can give them more ways to pay than your competitors do.

Nowadays, these can include a ton of different options. In addition to paying with credit and debit cards, customers can use mobile payments through apps like Apple Pay, using contactless payment microchips, social media payments, and other technological advances.

One of the big benefits to offering these sorts of payment types is increasing your customers’ loyalty. When customers decide they love a new way to pay, whether it’s through a mobile app on iOS or Android, or some other way, you offering this payment method through your payment processor will keep them coming back.

On that same token, if they decide they have a new favorite payment method that you don’t offer, they may start shopping at a competitor that offers it. Keeping up can get you more loyal customers, and not keeping up could make you lose customers that you’ve had for years. With all the choices of payment method and merchants that customers have, it will impress customers to show that, even as a small business, you are on the cutting edge.

How Do I Stay Up to Date?

Know Your Business

Ask yourself the following question: Do you need embedded online payment solutions in an ordering system? Knowing the needs of your business is the first step to knowing what payment solutions you need to offer your customers.

Determine what payment types your customers want, and then figure out what upgrades you need in order to offer them. You can do this just by asking, getting an idea of what their expectations are. To accommodate them, you might need new software or hardware.

For example do you need an embedded link to an online payments portal? Do you need a mobile wallet reader? These are all potential equipment upgrades that might come into play.

Also note that to accept payment types beyond credit card payments, there may be different fees you have to pay. Mobile wallets may not come with fees from a credit card processor, but they may have a unique transaction fee all their own. Similarly, digital wallets and other types of online accounts might also require investing in special equipment. Do your research to determine how much these fees will cost versus processing credit card transactions. You might find that offering alternative payment processing solutions could actually save you money.

Know Your Customer

We touched on knowing your customers’ wants and needs earlier, as it’s one of the most important factors for what payment solutions your business should adopt. By knowing how your target market prefers to pay, you can make sure you’re satisfying their needs.

Talk to Your Payment Processing Provider

Your payment processing or payment gateway provider can help you get set up with the hardware and software you need to allow your customers to pay using their preferred method. They will help you figure out what solutions you need to add to your arsenal in order to satisfy your customers.

Final Thoughts

Payment solutions have evolved far beyond Visa and Mastercard. Five or ten years from now, payment methods will be common that hardly anyone today has heard of—if they even exist yet at all. Staying up-to-date means retaining the customers you have right now, and snagging new tech-savvy customers who will become loyal to your business for years to come.

How will EMV technology impact my business?

EMV chip-based credit cards are taking the payments world by storm. It’s clear now that the further spread of EMV is inevitable, so merchants are left wondering how it will end up affecting their business in the long run. This article will give you a full rundown on what EMV is. From there, we’ll tell you what you need to know about how it will impact your business on a day to day basis.

What is EMV?

EMV stands for the credit card companies Eurocard, Mastercard, and Visa, and it represents the three major credit card carriers that now use microchip technology instead of magnetic strips. This technology is now known as an “EMV chip.” Because the microchips offer better security than magnetic strips, other carriers like American Express and Discover are using EMV credit cards as well.

For EMV, the card is inserted into a contactless system rather than swiped. This is important—because the chip never has to make actual contact with anything, cards don’t wear out as fast. For further card authentication providing an added layer of security, the customer can then be prompted to enter their pin.

Contactless EMV microchips have become the global standard for credit card security. This is an improvement from the less secure magnetic strip, which has appeared on debit cards and credit cards since they were invented. The magnetic strip contains card payment data and while EMV cards still have the strip, sensitive cardholder data is now protected in the microchip instead of the much more vulnerable magnetic strip system.

The reason cards still contain the magnetic strips is so that merchants who can’t afford to upgrade to EMV card readers yet will have time to catch up. Eventually, magnetic strips will most likely be phased out completely in favor of EMV readers and verification methods.

Why is EMV the New Standard for Credit Cards?

EMV cards are an enormous step forward in terms of verification and fraud reduction. First off, the old magnetic strips are easy to replicate if a credit card is stolen. Microchips, on the other hand, are extremely expensive and time-consuming to replicate. For a lost or stolen card’s EMV microchip to be duplicated, it would take tremendous technical skill and special equipment.

In addition, EMV cards can’t be hacked using card-skimming machines. ATM skimmers are essentially fake ATM card swipe readers that can be installed over an ATM machine by a thief. Since they seamlessly integrate with ATM machines, skimmers look and feel just like real ATMs. But when you swipe your card, your personal data is stolen and stored in the skimmer. Later, when the fraudster retrieves the skimmer, they have the debit and credit card info of everyone who used it.

With EMV cards rendering skimming attempts useless, the credit card industry has defeated one of the most powerful weapons used by credit card thieves. As a result data breaches will become less likely for the life of your business.

How Will It Impact You?

EMV magnetic chip cards primarily impact merchants taking payments in person, where a customer uses their physical credit or debit card. For service-based merchants, the impact will be minimal. There will also be very little impact for certain types of transactions. If your business operates primarily with one of the following forms of payment, EMV cards will have very little if any impact:

  • Mail or Telephone Orders: If your business primarily processes transactions through the mail or over the phone, the EMV system won’t matter much for you. While modern retailers are doing fewer and fewer of their transactions this way, it is sometimes necessary to use a mail or telephone ordering system. Since these systems collect credit card data by hand, the existence of a microchip makes no difference.
  • Orders Where Payment Info is Entered Manually: For Ecommerce merchants who only collect orders via an online ordering system, either through a mobile application or a virtual terminal, EMV has no impact. For these card-not-present transactions, payment info is entered manually. Since the card is never physically swiped or inserted, the EMV chip is replaced by other security methods.

Technology Upgrades

For other merchants, however—those that process cards in person, using card readers—the EMV system requires that they upgrade their point of sale terminals. Merchants who only have a swipe reader capable of reading magnetic strips will have to buy a new card reader that allows cards to be inserted for the microchip to be read.

If you don’t upgrade your POS equipment, your business could be held liable in cases of credit card fraud. The reduction of fraud liability can make all the difference when just one data breach can bring on a lawsuit where plaintiffs are demanding tens of thousands of dollars. While some businesses might be hesitant to upgrade due to cost, EMV payment technology is becoming more and more affordable. You can also use it as an opportunity to modernize your front-end operations by accepting mobile payments through apps like Apple Pay.

For these apps to work, your registers and POS terminal needs to have NFC-compatible payment technology. This means “near-field communication,” and it essentially allows a machine to register data from a card even though no physical contact is made between the card and the machine. Since EMV and NFC are companion technologies, investing in smart EMV readers that can read both microchip credit cards and mobile devices alike.

Lastly, if you have even one instance of fraudulent activity due to not having EMV-compatible equipment, the cost of the upgrade could end up paying for itself.

More Benefits to EMV

The benefits to EMV don’t stop at security. EMV also allows transactions to happen faster, meaning reduced wait time and shorter lines. That means happier customers.

As an added bonus, this also means that EMV allows you to process more transactions in a day. That means more sales revenue, but it could also snag you lower credit and debit card processing fees and a better interchange rate from payment processors. Added cardholder security can improve your negotiating power for a lower interchange rate as well.

Final Thoughts

There is no escaping the rise of EMV technology for credit cards. But don’t fret! Consider it an opportunity to reach more customers, reduce liability and instances of fraud at your store, and process more transactions than ever. Change can be scary, but if you play your cards right, it can also come with enormous opportunities along the way!

Airline Miles: How we got here and why merchants bear the cost

Airline mile points on credit cards are a great way to increase customer engagement, because they’re a dream come true for travelers. After building up enough points on a credit card linked to an airline brand, frequent flyers accumulate “frequent flyer miles” that they can cash in for flights anywhere in the world. As a result, customer loyalty is rewarded, which in turn keeps those customers coming back to the same airline. In short, it creates loyal customers for life.

Who Pays for Frequent Flyer Loyalty Programs?

When you rack up enough loyalty points for a flight, it feels like a free trip! But is anything truly ever “free?” As our investigation discovered, it’s actually merchants who are bearing the cost of these accrued airline miles, through the processing fees charged by credit card companies.

When a customer earns miles as part of a flyer program, there is a cost associated with that. And someone, somewhere, has to pay it. That’s where fees like interchange fees and foreign transaction fees come in. When legislation like Dodd-Frank cut the maximum fees that credit card companies could charge, loyalty programs took hold.

Card companies shifted to interchange fees for more profit, and those fees are passed onto merchants. Merchants have had to charge more, but customers paying with rewards cards will earn reward points that are funded by these same fees.

The end result is this: Customers earn bonus miles through their card’s rewards program, while merchants pay higher interchange fees.

Loyalty Program Costs

In Europe, interchange fees are capped at a very low amount. This is great for merchants, but has resulted in credit card companies getting rid of their travel rewards cards, and reducing other types of loyalty rewards and benefits for cardholders.

The effect is the same for loyalty programs that get you elite status, early boarding, and other perks. Each of these perks comes with a cost, and the cost is usually borne by merchants in the form of interchange fees from credit card issuers.

Customer Loyalty & Your Interchange Rate

This creates a secondary form of customer loyalty: loyalty to the credit card brand. With the partnership between airlines and credit card brands, loyalty to both is rewarded, while merchants bear the cost.

As time goes on, more and more customer loyalty programs will begin issuing rewards based on money spent rather than simply on mileage. This means that first class flyers will be rewarded more than those who book economy class flights, racking up better rewards for their hard-earned dollar. By doing it this way, more of the cost can be reliably offset with higher interchange fees on the credit cards.

How to Offset High Interchange Rates

Since loyalty programs require credit card issuers to charge merchants higher interchange rates, many merchants respond by raising costs on their customers. Unfortunately, this is the easiest and most direct way to offset the extra cost. The good news for customers is that spending more money at your store can sometimes net them even more points.

You can also find ways to encourage customers to pay in cash, reducing the number of credit card transactions you process. The downside to this strategy? Lower transaction volume means higher overall interchange rates, so you might end up cancelling out part of or all of the benefit you get from cash customers.

Another potential way to offset the costs is to make your company more financially efficient. By lowering your bills and finding better ways to budget, you can make your business lean, saving precious pennies on things like payroll, inventory, even electricity. This frees up money for paying the hidden costs of loyalty programs, but will also make your business work better in the long run.

Final Thoughts

It’s an unfortunately reality of airline miles and other loyalty programs that merchants are the ones who shoulder the financial burden. How this might change in the future is anyone’s guess, but in the meantime, do what you can to offset the costs of these programs by becoming a more efficient business and negotiating the lowest possible interchange rate from your credit card processor.


Data Levels

What are data levels?

Credit card processing is involved in every digital transaction using a credit card or debit card. This process transfers credit card information to and from the issuing and acquiring banks involved in the purchase. These transactions must be secure and PCI compliant to prevent data breach and confidential information from being stolen. For security and PCI compliance purposes, different data levels are involved in various credit card transactions. Digital transactions that require secure data transfer may occur within the following parties: business and consumer, business and business, or government corporations. As the data level increases, the requirements for verification and authorization are heightened to ensure the security of processing. Level 1 data processing is used in business-to-consumer transactions, regardless of the size of purchase.  Level 2 data processing is required for business-to-business transactions. Level 3 data processing requires the highest amount of security for government or corporation transactions.

Level 1 Data

Level 1 data involves transactions between businesses and consumers. As the first data level, it requires minimal details for verification. This transaction is initiated by the consumer’s personal credit card. The only data required for this purchase is the credit card number, expiration date, and amount of the transaction.

Level 2 Data

For business to business transactions, level 2 data requirements must be met. These transactions require level 1 details, in addition to the tax amount, PO number, and zip code of purchase. As the requirements for level 2 processing increases, the consumer is better identified, and as a result, there is greater guarantee of secure transmission. The higher the data level, the lower the transaction cost. Considering, the increased verification of level 2 data, the transaction cost of credit card processing is reduced.

Level 3 Data

Level 3 data occurs between government agencies or corporations. Due to the highly classified nature of government transactions, this data must be verified by gathering detailed information regarding the parties involved. Although it may go without saying, level 3 data is the most secure. Each level 3 transaction must include the previous details from levels 1 and 2. In addition, the following information must be provided: line items and categories of shipment, destination of shipment, invoice number, freight amount, and duty amount. These transactions are only performed via eCommerce and primarily for government agencies. However, business-to-business transactions may occur at level 3 as well. Based on the severity of clearance required for level 3 processing, these transactions often cost the least of the three levels. As previously stated, an increase in information verified, lower the transaction risk, and therefore, reduces the transaction cost.

Acquiring Level 3

Due to the level of detailed verification and authorization required, not every transaction can be processed at a level 3 data clearance. Notably, not all credit card processors can accept transactions at the 3rd level, as a specific gateway and deeper integration is needed for these secure transactions. A variety of software companies, such as BluePay, Tidal Commerce, and Dharma Merchant Services, can provide the necessary gateway for processing. Additionally, comprehensiveinformation must be provided for Level 3 transactions.


There are many benefits to level 3 data processing. At the highest security clearance, businesses and corporations can save an average of 1% on interchange rates and processing fees. This can add up to a hefty savings for any business. When processing transactions at a Level 3 clearance, an itemized invoice is provided, allowing for simplified billing and accounting. Additionally, businesses and government entities can place restrictions on when or how the credit card is being used. Monthly upper limits for transactions can also be established.

While pursuing Level 3 data processing might sound ambitious, it can certainly be advantageous for many businesses. Due to significant financial savings and low-risk transactions, it is often wise for large businesses, corporations, and government entities to pursue Level 3 data processing.

PCI Self-Assessment Questionnaire – how to pass it and how to stay complaint

If you’re an ecommerce merchant processing card-not-present transactions, you need to be PCI compliant. PCI stands for “Payment Card Industry,” and being compliant means staying up to date on all the necessary data security practices.

Since hacks of customer credit card data could sink your business, a trade organization called the PCI Security Standards Council creates, updates, and enforces what are known as the PCI standards. These are protocols that are meant to protect merchants and customers from fraud. Collectively, these standards are called the PCI-DSS, or “PCI Data Security Standard.”

To enforce the PCI DSS, merchants fill out something called a PCI SAQ, or “Self-Assessment Questionnaire.” The PCI DSS Self-Assessment Questionnaire lays out step-by-step questions to make it easier to comply with PCI-DSS. In this post, you’ll learn more about the standard and the questionnaire.

By being ready for the PCI security questionnaire, you’ll be in the best possible position to stay compliant. That means avoiding costly penalties for non-compliance, staying one step ahead of hackers, and protecting your company from customer lawsuits resulting from credit card fraud.

After all, nothing damages customer trust like a breach of cardholder data.

How Do I Get PCI-DSS Compliant?

Different merchants have different compliance requirements depending on their category. These categories are meant to give different types of merchants a way to report on compliance to stay in good standing with the PCI.

The first step to PCI-DSS compliance is figuring out where your business stands. There are different “levels” with various criteria from each of the major credit card companies. These levels determine your individual reporting requirements.

Different credit card brands have different criteria for each level. That’s why you have to check with each credit card brand—one company will have different criteria for meeting each level than another.

What Are the Levels of PCI Compliance?

As previously mentioned, the exact criteria for each level of PCI compliance is different for each credit card brand. For example, Visa e-commerce uses slightly different requirements than merchants processing Mastercards.

For all of the different brands, levels are based on your overall risk profile as a business. The information below gives you a good idea of what to generally expect based the total credit card payments your company processes yearly. The PCI Self Assessment Questionnaire helps you determine which level you fall into.

Level 1

Level 1 requirements come into play for merchants that process six million or more transactions per year.

Level 2

Level 2 merchants are those processing fewer transactions than those in the Level 1 category. To be a level 2 merchant, you have to process at least one million transactions per year. But process more than six million per year, and you’ll be bumped to level 2.

Level 3

Level 3 is applicable for merchants processing between 20,000 and one million transactions per year.

Level 4

Level 4 requirements are commonly for small companies. However, a company that processes very few transactions can still be taking in high amounts of revenue, it just means that each client comes with more revenue opportunity. Either way, level 4 merchants are those that process fewer transactions than any of the other levels: under 20,000 per year.

How Often is PCI-DSS Validation Required?

In order to be PCI-DSS compliant, there are validation processes that must take place. These involve self-assessment questionnaires and PCI representatives called Qualified Security Assessors, or QSAs. However, the details and frequency of validation varies according to which level your business qualifies for.

As outlined in the last section, your company’s level is based on the total number of annual transactions. But in addition to annual transactions, your level might be different depending on which card brand is assessing you. Consult each of them individually to determine your PCI DSS requirements for each.

Typically, merchants at levels 2, 3, and 4 are only required to complete a self-assessment questionnaire. Meanwhile, level 1 merchants are validated by a Qualified Security Assessor (QSA) from the credit card company.

What are the requirements to be in compliance with PCI Data Security Standards?

Security Management Procedures

If you’ve ever asked yourself, “How do I become PCI compliant,” the first step is in adopting the proper security management procedures. Proper security ensures that customer credit card information like account numbers and expiration dates are protected at every phase of checkout, both on your end and on the part of your acquiring bank.

Since ecommerce involves the transmission of information through various servers and networks, there are lots of opportunities for fraudsters to try to swoop in and hack the data. Protecting it requires security measures at every layer: the ecommerce store, the network architecture, and the actual payment processing software. We’ll discuss each of these in more detail.

Ecommerce Store

Your ecommerce store is where customers add items to their shopping cart and begin the checkout process. All ecommerce websites should be Hypertext Transfer Protocol Secure, and use https. HTTPS-active sites display “https://” at the beginning of a website address, before the “www.” On https sites, information moving across the servers is more secure than on non-http sites.

Your checkout system should also use SSL encryption. “SSL” stands for “Secure Sockets Layer,” and it refers to certain cryptographic protocols for securing digital information as it moves from place to place.

PCI-DSS Compliant Software

If you use checkout software from a third party, make sure they use SSL and any other necessary encryption methods. While you can usually expect SSL encryption to be a standard feature from any reputable credit card payment service provider, always double-check.

Without encryption, hackers could have free reign over your customer’s payment card information. Anti-virus software is only the beginning—you need to make sure your payment card payments processor and other vendors use the latest encryption technology. You also need to make sure that you have secure data storage and transmission throughout the entire process.

PCI-DSS Network Architecture

PCI compliance demands a strong network architecture…that means your networks need to take security seriously during the design phase, and that security not be phased in as an afterthought. Also, once a strong network is built, it needs to be maintained.

Maintaining a secure network requires ongoing checks and updates. You need to analyze your network systems for any vulnerability. You should also have a plan in place for dealing with them. Monitor your network for signs of intrusion or other issues, and perform security tests regularly so that you can catch weaknesses early, before a hacker has a chance to exploit them.

How Can I Stay Compliant?

To stay PCI DSS compliant, many merchants will have to get a quarterly self-assessment scan done by an approved vendor. The purpose of the scan is to find vulnerabilities in your credit and debit card payment systems.

These scans usually happen quarterly, but they are also necessary if there are any major changes to your network or system. For example, updating your computers or switching to a new provider would both be situations where you should be re-scanned to stay compliant.

For the scan to be effective, it has to cover all systems that communicate credit or debit card information. That includes the network itself but also your operating system, web-based application software, payment terminals, network, and any other software or hardware system that receives, transmits, or stores payment data. To keep up with proper PCI data security, get your systems scanned every 90 days.

Final Thoughts

The PCI DSS is there to protect you and your customers, and the PCI DSS SAQ makes the process quicker and easier, saving you time and money. But proper security controls shouldn’t be looked at as a nuisance. Rather, look at them as an investment.

By putting in the effort to become DCI compliant with the standard PCI protocols, you’re saving yourself the hassle of dealing with a data breach. These breaches can cause a loss of customer trust that can take years to earn back. The investment in avoiding serious data leaks with a regular PCI DSS assessment could be one that saves your business.

Merchant Accounts in Puerto Rico: Everything You Need to Know

The process of opening and on-boarding merchant accounts in Puerto Rico is quite different than in the US. From different providers and standards to tax considerations, there are lots of differences between the business environments of Puerto Rico and the mainland United States that affect the process.

For that reason, it can be challenging for newcomers to open or on-board a merchant account on the island. However, as we learned, it can be done! When a GAM client wanted to moved their operations to Puerto Rico, we learned a lot about navigating the process in a place where the rules and processes were different across the board.

Here, we’ll share everything that going through the process taught us.

Initial Challenges: Learning How Merchant Accounts Work in Puerto Rico

When we were first tasked with moving this client’s account to Puerto Rico, we knew we needed help. But we weren’t able to on-board the account through any of our usual channels, as they weren’t set up to handle it—that even includes resources in Europe and Latin America.

So we took the only route that we had left, and spent countless hours on the phone consulting with experts in the payment industry. These consultants have a combined industry experience totaling hundreds of years, and are the best and brightest in the business. Finally, after long conversations with some of the most knowledgeable and experienced people throughout the space, we were able to figure out how the Puerto Rican system works.

Only then could we engineer a solution for our client…and it turns out, it all started with Puerto Rico’s unique system for credit card processing.

The Unique Debit Network in Puerto Rico

Just about every payment terminal and merchant account in Puerto Rico has an account or pin number associated with it that starts with a zero. This is a function of how the main bank debit network in Puerto Rico was designed. In the US, accounts from brands like MasterCard, Discover, and American Express all have accounts that begin with other numbers.

As a result, payment terminals easily malfunction, because they are not designed to recognize an account number that starts with zero. This complicates business for payment processors. To make matters worse, changes in the tax system began to require daily reporting for taxes, making things even harder for payment processing businesses and merchant account companies.

As a result, most payment processing companies took their business off of the island. Only the biggest ones could manage to stay profitable in the new business environment, making the biggest payment processing companies even bigger and more powerful. With their own account number system unique to the island, now just two payment processing companies essentially control all of Puerto Rico’s payment processing business.

As a side effect, because merchants only have two choices, there is very little competition in Puerto Rico’s payment processing industry. So much control from so few companies results in higher rates for businesses in need of a merchant account, payment processing partner, or POS system.

In Puerto Rico, there are also different tax laws than in the United States. These play a critical role in the process of opening a merchant account there.

Taxes in Puerto Rico

Tax reporting in Puerto Rico works differently than on the mainland U.S. In Puerto Rico, laws require a complex and time-consuming daily reporting process. The island’s Treasury Department also retains a high level of control over smaller aspects of business, so to navigate that influence, we had to look at higher-risk banks to partner with. Even though the charge higher rates, they would be the most adept at wading through all of these factors: the debit network, the tax issues, and the influence of third parties.

We would be charged even more, because we were considered a non-standard, foreign account and there would be more work involved for the bank. But after extensive conversations with many banks and companies, we were finally able to secure a partner.

Final Thoughts

Thanks to this relationship, we are now able to offer our clients underwriting and merchant accounts in Puerto Rico, opening up whole new avenues for business owners looking to open up or move to the island. As a result of going through the process from beginning to end, GAM is also now one of the most knowledgeable firms when it comes to merchant accounts in Puerto Rico. That allows us to bring incredible value to a whole new group of clients.