GAM Payments Blog

CBD products are taking the world by storm. However, CBD is a unique chemical that has a murky legal status, confusing customers and merchants alike. To make matters more complicated, there are lots of misconceptions about what CBD is and what it all means for payment processing and retail sales.

Here we’ll demystify CBD itself, and then tell you what you need to know about processing payments for merchants that sell CBD-based items like tinctures, gummies, vape pens, vape oil, and other CBD oil products.

What is CBD?

Short for Cannabidiol, CBD is a chemical compound extracted from the cannabis plant. When you ingest it, however, it doesn’t get you high. The cannabis high is caused by the ingestion of THC, which is an entirely different compound than CBD. Both THC and CBD work with the brain’s cannabinoid receptors, but to a very different effect.

Once CBD is extracted from cannabis, this naturally-occurring substance is then incorporated into products like oils, tinctures, edible snacks, baked goods, even creams and lotions with supposed anti-inflammatory effects.

It’s different from medicinal marijuana, because medicinal marijuana is just like the kind you buy on the street. That is, it alters your perception. CBD takes its effect without intoxicating you. Both CBD and THC are cannabinoids, which means they are chemicals taken from the hemp plant. However, there are different effects and legal implications regarding different cannabinoids. That’s where people start getting confused.

Even though it doesn’t get you high, consumers find that CBD seems effective for a variety of ailments. While limited scientific research means there’s still much to be learned, people use CBD for everything from chronic pain and post-traumatic stress disorder to multiple sclerosis and Alzheimer’s disease.

Processing CBD Industry Payments

Because of its association with marijuana, the CBD industry has faced challenges when it comes to accessing financial services. Banks, payment processors, merchant accounts, and other institutions have been hesitant to offer services to companies selling a product that still has a murky legal classification.

This provides potential opportunities for other companies to step in, however. This section will get into some of the complications with processing CBD industry payments, and some of the solutions CBD companies have figured out.

Hemp and Banking

Hemp and cannabis are often confused, and with good reason: there are strains of the cannabis sativa plant that can be grown without THC…that is, they don’t get you high. These plants fall into the category of industrial hemp.

Once hemp is harvested, there are hemp products called hemp oil and hempseed oil that can be made from it that are often sold legitimately. Sometimes, however, they are disguised as CBD oil, despite containing no CBD. They are sold as dietary supplement called “CBD Hemp Oil,” or under a similar name. But because the industry is still unregulated, product labels are often deceptive.

Regardless of where the plants end up, non-THC containing hemp plants are legal to grow. Since it isn’t a controlled substance, there shouldn’t be any legal issues associated with growing it and using it to make products like hemp oil. However, financial institutions are notoriously conservative and always err on the side of caution. Hemp is no different, and the fact that there’s still lots of confusion on the hemp vs. cannabis, THC vs. CBD question. Hence, the industry is facing lots of resistance when merchants try to find payment processing services.

There is another factor to the resistance, however. Since many CBD and hemp-based products make medical claims, the industry is considered high-risk. This is because of a lack of clinical trials or FDA approval for any claims that CBD can be used to treat disease. Without a stamp of approval from the FDA, the industry will remain high-risk. And as with all high-risk industries, it is harder to find financial partners. Once CBD companies do find a payment processor and bank, there are often higher fees associated with doing business.

Using Square for CBD Company Payments

Square is one payment processing and merchant services company that is taking the plunge, offering select CBD merchants an invite-only chance to beta test a payment processing solution for CBD sellers. It’s a huge opportunity for them that could come with pitfalls, but also the chance to fill a need and corner a rapidly-expanding market. The forward-thinking approach could pay off hugely for Square.

Final Thoughts

For a natural product with none of the inebriating effects of THC, CBD could hold great promise. As the CBD industry expands and matures, more legal clarification will develop regarding its status. There will likely also be more clinical trials showing whether or not CBD has health benefits like easing anxiety, reducing pain, and powerful anti-inflammatory properties. As a result, payment processors, banks, and other financial institutions will become more willing to offer services.

In the meantime, forward-thinking innovators like Square are getting a head start. CBD doesn’t look like it’s going away anytime soon, so the only question is, how long will it be until banks start treating it as a mainstream industry with a moderate risk profile?

No one knows for sure, but when they do, the industry will have an opportunity to expand faster than ever. And as more states legalize THC itself, there will be a whole new flood of cannabis products on the market with merchants in need of payment services. As the cannabis plant gains further acceptance, doing business in the industry will become easier and easier.

In the age of ecommerce, data security protocols are needed to protect merchants and their customers. Enter 3D Secure. 3D secure provides extra layers of authentication for each credit card and debit card transaction, making it harder for hackers and fraudsters to steal your customer’s identity. This article will explain what 3D data is, and how to use it to decrease fraud and reduce the chances of identity theft for your customers.

What is 3D Secure?

“3D” usually refers to three dimensional. However, the “3D” in 3D Secure means “three-domain structure.” This refers to three components involved with any 3D Secure credit or debit card transaction. These are called the Acquirer Domain, the Issuer Domain, and the Interoperability Domain:

• Acquirer Domain:This domain refers to you (the merchant) and your bank
• Issuer Domain:The issuer domain the bank that issued the customer’s payment card
• Interoperability Domain:This domain is the payment system or credit card infrastructure that allows the payment to occur.

When customers make an online card not present transaction, 3D Secure protects data between all of the three domains. For online purchases, many major credit card brands are implementing their own version of 3D Secure for their customers. Visa has branded their service Verified by Visa, and Mastercard calls their version Mastercard SecureCode.

How 3D Secure Works

3D secure uses XML messaging, which is part of a computer programming language called Java. XML is essentially a secure way to move data from one software system to another. Essentially, once a customer enters their credit card data, the system looks at a directory server that contains a ledger of legitimate credit card customers. Once the customer is found, the server confirms to the 3D Secure system that the card is legitimate.

The customer is then prompted to enter a unique pin code. If the pin is correct, the transaction is sent to the acquiring bank to be authorized. Finally, the customer will receive a message confirming whether their payment was successfully processed.

Not all transactions on your website need to be 3D Secure enabled. You can reserve them only for certain transactions, such as those that are higher-risk or are above a certain dollar amount.

Pros and Cons of 3D Secure

3D Secure is fantastic for reducing fraud, but it does come with certain limitations. First off, not all credit cards participate in the program. Secondly, it doesn’t eliminate instances of credit card chargebacks. Chargebacks are caused by customers themselves, rather than hackers.

However, there is still a chargeback-related advantage to 3D Secure. Since it routes the payment differently, authenticating through the acquiring bank, as a merchant you are more protected from liability. Instead of you being liable for chargebacks, 3D Secure shifts the liability to your issuing bank.  In addition, certain companies like Visa (but not Mastercard) have additional chargeback protection, giving you extra peace of mind that excessive chargebacks won’t drag down your business.

Also, because security is improved, using 3D Secure can net you lower interchange fees. These fees are tacked onto every single transaction, so even a slightly lowered interchange rate will add up fast. Lastly, your customers will feel more secure if your site uses the latest and greatest security protocols. Having a high level of trust in your company and website will keep them coming back to buy again and again.

The only real potential pitfall of 3D Secure is that it adds an additional step for customers to complete before their transaction can be finished. This can cause a reduction in conversion rates if customers decide to leave before finishing the transaction. Many ecommerce buyers are used to “one-click ordering” and a fast transaction process, so be sure to clearly notify them early in the process that your site uses extra protection to keep them safe.

A very simple explanation of 3D Secure at the beginning of checkout does the trick, preparing customers by letting them know that there will be an extra step during the transaction, but that it adds security to protect their payment information. Make sure to include the Verified by Visa or Mastercard SecureCode logos, and linking to their homepages. This allows the customer to find additional information on the process, if desired.

Do I Need 3D Secure for My Business?

Not all businesses need 3D Secure, but whether or not to implement it is up to you. Ecommerce merchants who sell high-priced items or take large deposits may want to enable it for the extra security it offers.

Risks of 3D Secure

A reduced conversion rate is possible when any new step is added to the checkout process. For customers, phishing fraud is still a risk with 3D Secure. Phishing is when someone creates a fake web page that impersonates yours, getting customers to click on their fake website instead of your real one. Then, when they check out, whoever set up the scam website collects your credit card information and pin code as the customer enters it.

However, this type of fraud is not unique to 3D Secure. It is a common scheme to get around many types of online security. To avoid it, encourage customers to bookmark your site and only visit by opening the bookmarked page. Visa has also added a secret phrase that appears during checkout, showing the customer that the checkout page is genuine any time the secret phrase appears.

Final Thoughts

3D Secure is a great way to add an extra level of authentication to your online checkout process. However, it comes with potential pitfalls and limitations. The best way to determine if it’s right for you is to learn more about it, so talk to your credit card issuer with any questions you have about implementation.

Overall reductions in conversion might be offset by savings in fewer chargeback disputes and a lower interchange rate. After you try it, see what effect it has—sometimes the best way to know if something is right for your business is to test it out for a short period and look at the data to see if it was successful.