Getting Started for Business with Merchant Services

Whether you’re starting up a new venture, taking your business to the next level or expanding your avenues, having the right Merchant Services for your needs is absolutely essential. To help you kick off sales this quarter, let’s run through what Merchant Services are and the various options available to you.

What are Merchant Services / MSP?

Merchant services are the terminals, technology or software employed by a business to take payments by EFTPOS, credit and debit cards. Therefore, the MSP or Merchant Service Provider is the company that manages the operation of these systems. After taking card payment, the chosen system would then settle the payment into the bank account linked with the terminal or software provider.

So which payment system should I choose for my business?

It all depends on your business needs; small businesses, for instance, would have different payment requirements to a large corporation. By the same token, a brick-and-mortar retail store would have different needs to a professional service provider.

There are loads of options available to all kinds of businesses. Let’s take a look at some of these now.

In-store terminals / Point of Sale (POS)

An in-store terminal or POS system is the method employed by a business to take payment for their goods or services at the cash register. This is a combination of software and hardware, including a monitor, barcode scanner, card reader, receipt printer and cash draw. The software component of a POS terminal may be deployed on premise via installed software or through a cloud-based system commonly known as Software-as-a-Service (SaaS). Cash and Eftpos terminals are primarily used in brick-and-mortar stores as they lack mobility or capacity to take online payments.

mPos (mobile POS)

 mPos solutions are a really convenient way of taking payments on the go. You don’t even need a website to get started, as payments are taken directly through an app on your mobile. This type of payment solution is perfect for pop-up businesses, personal trainers, sales reps and anyone who needs to take payments while on the road. mPos software also allows you to accept a range of payment options, including tap-and-go, to ensure you’re offering your customers the method they’re most comfortable with.

eCommerce / Shopping Carts

For eCommerce businesses, having a secure and reliable online payment solution is critical. Essentially, your chosen shopping cart will be integrated into your website, which will then connect with your MSP. Reliable shopping carts can provide seamless checkout processes for your customers and therefore encourage repeat purchases. Most innovative MSPs will be looking to expand their integrations and offer custom integrations, so keep an eye out for this when acquiring their services.

Hosted Payment

A hosted payment page allows you to accept payments through your website by redirecting customers to your MSPs hosted payment page. This method is an economical way of taking payments as there are no development or security fees involved with implementation. A good MSP will also be able to offer a branded page that reflects your website to make users feel like they haven’t moved away from your page.

What to look for when choosing an MSP?

For obvious reasons, merchants are eager to partner with a reliable and reputable MSP to manage their business transactions. However, this market is becoming increasingly saturated and it can be difficult for new businesses to distinguish which company will work best for them. If you’re looking to acquire your first MSP (or are unhappy with your current service), here are a few of our top tips to choosing the best MSP for your business:

  1. Before approaching an MSP, do some research into the options you are interested in acquiring for the specific needs of your business. If an MSP doesn’t offer the services or systems you’re interested in, move on to the next one.
  2. Look into the costs and recurrent fees of each MSP, making sure that your chosen one is good value for money compared with their competitors.
  3. Read the terms and conditions in the product disclosure statement or financial services guide to make sure you fully understand the level of service they are offering and whether it aligns with your needs.
  4. Look for online reviews and customer stories about their customer support; if many of their customers seem unhappy with the service, then maybe this particular MSP isn’t the best choice.

Why Latpay?

Latpay have more than 17 years’ experience delivering merchant facilities and bespoke payment systems to businesses of all shapes and sizes. We deploy robust, secure and innovative technology to allow your business to thrive – all with Level 1 PCI compliance. We also offer 24-hour dedicated technical support to ensure we’re here when you need help. To find out more about Latpay’s Merchant Facilities, follow the link or give us a call on 07 5515 0402

 

Latpay Image For PCI Compliance

How Does your payment service provider tackle PCI compliance?

The Payment Card Industry Data Security Standard (PCI DSS) encompasses any business that takes payment via credit card, regardless of their size or industry, so it’s vital that you understand what protection your payment provider is offering and what they’re expecting you to tackle on your own.

While some providers may charge security and compliance as an additional service, most of us would expect that these come as part of your monthly fees, right? After all, they are the ones selling you the service, so should security and compliance not therefore be part and parcel of that service? Unfortunately, this isn’t always the case and it’s becoming more and more evident that some payment companies are profiting from this rather than helping you achieve the goal you set out to achieve when acquiring their services – growing your business.

Determining your PCI Compliance requirements

Regardless of whether you are a service provider, online retailer or brick and mortar store, the level of compliance for your business needs to be considered before you can truly understand what your requirements are and whether the additional costs are justified. If you’re handling, processing or storing cardholder data you will be required to meet compliance guidelines depending on how you process the payments.

The PCI Security Standards Council created 4 simple Self-Assessment Questionnaires (A, B, C & D) to help businesses validate the level of compliance they require, relating to whether your business does or does not handle, process or store credit card data. For instance, if your business takes credit cards via a hosted payment page like that offered via Latpay, you would only be required to complete SAQ A.

If, however, you take credit card payment and then store their information for quick future purchases, you’ll be required to complete SAQ D – the longest of the 4 containing around 250 PCI DSS requirements to adhere to.

To help you determine whether your provider is offering the services required by your business, let’s take a look at the top 5 things to look out for when acquiring a payment service provider:

Level 1 PCI Compliance
PCI compliance requirements change dependent on the size of your organisation and how many card transactions your process annually. Regardless of your business specifics, you should hope that your service provider is PCI DSS Level 1 certified, the highest possible level of compliance that can be achieved. This means that the responsibility of dealing with PCI can be shared with your provider, rather than worrying about it yourself in-house. It also gives you peace of mind that their systems consistently adhere to stringent guidelines associated with accepting, processing, storing and transmitting card information.

Secure Cloud Hosting
It’s fairly common knowledge that you shouldn’t be storing any credit card information to your website. For this reason, secure cloud hosting is one of the most infallible ways to securely house information away from your site, so make sure to check with your payment provider what methods they’re using for hosting. While you may have doubts about the security of storing sensitive data in the cloud, in reality it’s far more secure than physical system storage due to cloud providers’ dedication to the latest and greatest in security technology. Using global data centres with the highest standards for security and data privacy on the market, secure cloud hosting is reliable and resilient against a range of risks and threats and should definitely be included in your payment service provider SLA.

Secure Hosted Payment Page
If your business offers a hosted payment page for your customers, ensuring that page is secure is absolutely critical. This is due to the fact that all data sent over the internet is passed through any computer sitting between you and the end server, including credit card information. To mitigate the risk of a data breach, your payment provider should protect the page by encrypting this data with a Secure Socket Layer (SSL) certificate, allowing for a secure connection between device and server. Going the extra mile, your payment provider should be able to offer data tokenisation so that a customer need not re-enter their details each time they purchase online.

Data tokenisation
Data tokenisation is one of the most critical ways to safeguard your sensitive customer data and should be a must-have for your payment service provider.

Similar to the more commonly known process of encryption, tokenisation transforms important data like credit card details into a random set of characters that will be essentially useless in the hands of a cybercriminal.

This is due to the fact that, while the token signifies the original data, it uses a completely random method to be generated and therefore cannot be deciphered. Unlike encryption which uses a mathematical algorithm, a token can only be decrypted through what is known as a ‘token vault’ which houses the association between the data and the token. Further increasing information protection for your customers, the data housed in the token vault is then secured by way of encryption. With guaranteed security of any card data stored on servers, a token vault removes the hassle of data storage and enables descoping of customer data within the merchant landscape.

Fraud Management Services
What fraud management services is your current or prospective provider offering in your SLA? One of the very first things a good payment provider will do is conduct a tailored risk assessment based on your level of acceptable risk to determine how stringent your processes ought to be. As a standard, you should expect that every transaction is verified by a secure fraud management engine. You should also expect that there be some form of real-time fraud mitigation processes in place, complimented by a dedicated fraud management team to share information with you on fraudulent data and potential risks, as well as offline human analysis for increased comprehensive data security.

What should you do if your service provider isn’t making the cut?

If you find that your payment service provider isn’t offering you the highest levels of data security and PCI compliance, or is doing so at an additional cost, it’s time to start shopping around because you’re paying over the odds..

As a leading Payment and Merchant Service Provider in Australia, UK and Canada since 2001, Latpay offer superior fraud management capabilities and data tokenisation services to online businesses around the world.

With industry-leading technology, exceptional Level 1 PCI compliance and fraud management proficiencies, Latpay are proud to provide a truly complete payment solution to conventional and bespoke e-Commerce ventures for companies of all shapes and sizes.

Talk to us on +61 7 5502 6686 to see how we can alleviate the hassles of security and compliance, so you can get back to what you do best.

Maximising E-Commerce Payments via Mobile

Lateral Payment Solutions is pleased to announce the version 2 release of its cutting edge Mobile Optimised Payment Page.
This upgrade ties in with our promise to our merchant base to exploit the latest technologies which has led to a more refined page performance and enhanced user experience, all in line with recent PCI – DSS guidelines. Using smartphones to pay for goods and services has never been easier and this method comes with a multitude of advantages. Primarily, it gives customers a flexibility in being able to make purchases anywhere and anytime within a secure environment. Indeed, offering a mobile payment processing channel is a must for any retailer not least because it is cost effective and has a tendency to capture impulse buyers leading to increased sales.