Thursday, November 6, 2008

Online Payment Processors

Online payment processors are companies who offer businesses a way to accept and process credit and debit cards without dealing with each of the different card issuers directly.

Each of the companies reviewed offer a secure and encrypted (via SSL) environment. The most common way this is used is via a web interface where the business checkout process temporarily jumps to the processing website, to take the credit card details; the processor then passes control back to the business website, either to a confirmation page, or to a declined page. Alternatively a more complex, but seamless, method is for the business website to take and store credit card details, then pass these invisibly to the payment processor for validation. This type of processing would obviously require the business website to be extremely secure.

Your research may cover many of the payment processors available to UK businesses, submitting each to the same tests and scrutiny. As well as covering the main differences in accounts available, the results of my research have been split into categories that will be important to businesses requiring these services:

Account Availability
Fees
Set Up Fees
Ongoing Fees
Transaction Fees
Accessing Funds
Chargebacks
Trust and Support


Account Availability
For small to medium sized businesses, the market has become crowded with third party payment processors and it has become difficult to decide which is the most cost effective choice. But cost is not the only parameter that should be taken into consideration - security, customer service and the reputation of the third party payment processors should also figure highly.

For larger volume businesses, possibly the cheapest method would be to use your own merchant account. If you already have a merchant account with your bank, then you can upgrade this to accept payments via the Internet. The following company is one of the more recognised third party payment processors who will process the credit card transactions for you

Tuesday, October 7, 2008

Credit Card Terminologies - Authorize Card

Authorize Card authorizes a credit card purchase from the cardholder's bank. Before using Authorize Card, your company must do the following:

Establish a merchant account with your company's bank. See the CyberSource Support Center for more information.
Provide the identifying numbers for your bank account. For example, FDMS requires both merchant identification numbers (MID) and terminal identification numbers (TID), while Paymentech requires the division number.
To authorize a credit card transaction, Authorize Card performs the following tasks:

Calculates the total amount for an order by totaling the cost of each offer in the order.
Requests credit card authorization from the issuing bank for the total amount.
Places a temporary hold against the customer's credit card for the total amount of the order. Most authorizations expire within five to seven days, but the bank that issued the card determines the length of the authorization.

Sunday, September 7, 2008

Debit Cards

Our product include an online account with Debit Card.

1. An online account allows you to receive and send Wire Transfer to any account that have the ability to accept Wire Transfer.

2. You manage you funds as well as the Debit Card. This allows you to control how much you spend.

3. No matter where you spend, only you knows. The online account allows you to view your statement anywhere, anytime as long as you have access to internet.

4. For more info on how to set-up your account, skype me at crystalglobalservices

Friday, August 29, 2008

The Difference Between Merchant Accounts, Payment Gateways and Third Party Processors


Many questions arouse after having read about e-Commerce merchant accounts and credit card processing. When trying to clarify the technology behind online credit card processing and the terminology we try to provide the most up-to-date information and a comprehensive knowledge base. Many future and current e-Commerce merchants find it difficult to understand some instances of online credit card processing and it's up to us, e-Commerce merchant service providers, to make things seem and, more importantly, feel easy. One of the most hard to understand things when dealing with online CNP (card not present) transactions is the mixing up of the terms used and their corresponding definitions. We will try to explain the difference between the three most commonly mixed up terms used in online/e-Commerce credit card processing: a) e-Commerce merchant accounts, b) payment gateways, and c) third party processors.

Let's start with the basics on a) e-Commerce Merchant Accounts:

An e-Commerce merchant account allows any (or almost) online business (also known as an e-Business or e-Commerce business) to accept credit cards/debit cards, gift cards and other forms of payment cards online based on the CNP (card not present) transaction principals, including MOTO (mail order/telephone order) transactions. e-Commerce merchant accounts can also be referred to as: online credit card payment accounts, online credit card processing accounts, credit card transaction accounts, and others. An e-Commerce merchant can get an e-Commerce merchant account from a merchant bank or a merchant service provider in his/her local area (city, state, country) or in another country (offshore/international e-Commerce merchant account). An e-Commerce merchant account is basically a service for which e-Commerce merchants apply, and thereafter use online credit card processing services; just like you would expect an e-mail account to work for you providing SMTP and POP3 (i.e. e-mail transmission) services.

E-Commerce merchant accounts are acquired from either merchant banks or MSP (merchant service providers), as already stated above. The process of acquiring, or applying for, an e-Commerce merchant account is different and depends on the provider itself (terms, guidelines and conditions), the type of e-Commerce merchant account and the e-Commerce merchant. For example, some types of e-Commerce merchant accounts can be setup in just a few minutes, while others will take days to approve a merchant. Fees and rates will also differ much.

Some of the types of e-Commerce merchant accounts are:

Direct e-Commerce merchant account - a type of account usually applied for directly at a merchant bank.

Local e-Commerce merchant account - an e-Commerce merchant account in one's home country.

Offshore e-Commerce merchant account - an account outside the country of the applying e-Commerce merchant. Also known, in some cases, as an international merchant account.

High-risk e-Commerce merchant account - a merchant account for online businesses with a high percentage of chargebacks and returns; for example, adult, IP telephone cards, internet gambling, etc.

Third-party e-Commerce merchant account - see below for a basic explanation on 3rd party merchant accounts.

Pharmacy e-Commerce merchant account - a specialized merchant account designed specifically for online pharmacies and drug e-Stores.

b) Payment Gateways:

A payment gateway can be called the relay between the e-Commerce merchant account affiliated website (online shop) and the merchant bank, which is also connected to a large network of credit card issuing banks. One of the other main functions of credit card processing payment gateways, besides communication, is encryption. A payment gateway uses SSL 128-bit encoding technology to encrypt and decrypt all the data being sent through it. Safety and security in online credit card processing is a very vital point. Without encryption all the credit card holders' data could be stolen and used illegally.

Understanding how a payment gateway works is important as to know, for example, why and where an error occurs that may lead to unsanctioned use, malfunction, etc. Thus, we bring you a brief step-by-step working cycle of a typical (no auxiliary/external verification/encoding/protection systems engaged) payment gateway:

A cardholder/customer orders a product or service at an e-Commerce merchant's website by clicking the 'Order' or 'Send to Shopping Cart' buttons.

The cardholder is taken to an automatically generated (by an integrated shopping cart script) order form, where he/she is asked to provide the credit card details and the shipping details.

After clicking the 'Submit Form' button at the bottom of the form(s) all the data is encrypted (SSL 128-bit) by the cardholder’s web-browser, a key is generated and passed on, along with the details, to the e-Commerce merchant’s payment gateway.

The payment gateway (if function available and switched on) decrypts some of the information (only for statistical usage, no credit card details are held), re-encrypts it and forwards it to the e-Commerce merchant's acquiring bank.

The acquiring bank forwards the data to the credit card issuing bank for verification and authorization.

The issuing bank sends a so-called response code back to merchant bank, and the latter sends it to the payment gateway. This response code is used to denote any error that might have had occurred during the verification or transaction process.

If everything is in order the credit card is billed and, usually, at the end of the day the funds are transferred to the merchant bank, where they are safely deposited until the payout day.

The e-Commerce merchant's website also generates feedback based on the response code received by the payment gateway. Some of the codes may be interpreted as: "You card has been billed.", "Error. Insufficient funds.", and so on.

The whole process takes only a few seconds. The important part that payment gateways play in online credit card processing is evident and must never be underestimated. Make sure that you get a secure, stable payment gateway with much flexibility and third-party options.

Finally, c) Third party processors:

Third party processors are what e-Commerce merchants get when getting third party merchant accounts. For more information on 3rd party merchant account visit our "Merchant accounts" section in our Articles knowledgebase. Basically, third party processors are connected via an additional secure payment gateway to a direct credit card payment processor. A third party processor contributes to the work of the direct processor, sharing its’ expenses, i.e. paying much less. Many third party processors make up a network of e-Commerce merchants sharing one secure direct merchant account. Third party processors are great for beginner e-Commerce.

To sum everything up, and to differentiate the mixed up terms e-Commerce merchant accounts, payment gateways and third party processors:

An e-Commerce merchant account is a whole service, a solution allowing e-Commerce merchants to accept credit card payments over the Internet; a payment gateway is one fragment of a whole system (chain of elements) involved in online credit card processing, functioning as a secure 'relay'; a third party processor is a type of e-Commerce service which makes up a network of direct merchant account affiliated e-Commerce merchants

Tuesday, August 26, 2008

How debit cards work

Debit cards are linked directly to your bank account. You can use them to buy goods or withdraw cash and the amount is taken from your account right away.

You can also use debit cards to get 'cashback' from certain shops (you buy goods and also ask for money back from the cashier). The total amount is deducted from your account right away.

When using a cash machine or paying for goods with a debit card you'll need to enter your PIN (personal identity number). When buying goods you usually enter it into an electronic hand held device, but in some cases you may have to sign.

Most bank accounts offer debit cards. Most debit cards double up as 'cheque guarantee cards', guaranteeing that your cheque will be honoured by your bank up to a stated amount.
What happens if there's not enough money in your account?
This will depend on the type of debit card you have:

if you have a ‘Solo’ or ‘Electron’ debit card the balance in your account is checked before each transaction – if there’s not enough money you won’t be able pay or withdraw cash with the debit card without prior agreement
if you have ‘Switch’, ‘Visa’ or ‘Delta’ card your account balance won’t necessarily be checked and the payment may still go through
If you go overdrawn the charges you’ll pay will depend on whether or not you have an authorised overdraft arrangement with your bank. If you do, you’ll pay the agreed amount of interest at the end of each month. This is usually much lower than interest charged on credit cards.

If you don’t have an overdraft agreement, or you exceed the agreed limit, your bank may allow the payment to go through but you’ll usually pay much higher fees than if you had an agreed overdraft.

Using a debt card over the phone or internet
Debit cards can be used to make payments by phone or over the internet. In this case you'll need to provide certain details that are printed on your card.

Find out more and view an example debit card on the FSA website.

Wednesday, August 20, 2008

How to tell if an e-mail message is fraudulent



Here are a few phrases to look for if you think an e-mail message is a phishing scam.

"Verify your account."
Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail.

If you receive an e-mail from Microsoft asking you to update your credit card information, do not respond: this is a phishing scam. To learn more, read Fraudulent e-mail that requests credit card information sent to Microsoft customers.


"If you don't respond within 48 hours, your account will be closed."
These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail message might even claim that your response is required because your account might have been compromised.


"Dear Valued Customer."
Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.


"Click the link below to gain access to your account."
HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site.

The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.

Notice in the following example that resting (but not clicking) the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.

Wednesday, August 13, 2008

Damage caused by phishing


The damage caused by phishing ranges from denial of access to e-mail to substantial financial loss. This style of identity theft is becoming more popular, because of the readiness with which unsuspecting people often divulge personal information to phishers, including credit card numbers, social security numbers, and mothers' maiden names. There are also fears that identity thieves can add such information to the knowledge they gain simply by accessing public records. Once this information is acquired, the phishers may use a person's details to create fake accounts in a victim's name. They can then ruin the victims' credit, or even deny the victims access to their own accounts.

It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately US$929 million. United States businesses lose an estimated US$2 billion per year as their clients become victims. In 2007 phishing attacks escalated. 3.6 million adults lost US $ 3.2 billion in the 12 months ending in August 2007. In the United Kingdom losses from web banking fraud—mostly from phishing—almost doubled to £23.2m in 2005, from £12.2m in 2004, while 1 in 20 computer users claimed to have lost out to phishing in 2005.

The stance adopted by the UK banking body APACS is that "customers must also take sensible precautions ... so that they are not vulnerable to the criminal." Similarly, when the first spate of phishing attacks hit the Irish Republic's banking sector in September 2006, the Bank of Ireland initially refused to cover losses suffered by its customers (and it still insists that its policy is not to do so, although losses to the tune of €11,300 were made good.