Businesses have ever-increasing ways to accept payments. Options include traditional processors (FIS, Worldpay), payment facilitators (Stripe, Square), payment gateways (Payoneer, 2Checkout), and marketplaces (Etsy, eBay), all offering fast approvals and frictionless onboarding.
Once their merchant accounts are approved and funds are flowing, businesses typically focus on other priorities and think of payment processing only when something breaks. I spoke recently with industry pros who shared advice on preventing those breaks, citing four common pitfalls.
Misclassified Categories
Experts advised merchants not to think of account openings as one-and-done events but rather as fluid agreements with processors that adapt as markets fluctuate and models change.
Mike Eckler, an independent consultant and 20-year payments industry veteran with a leadership background at PayPal, Moneris, and other firms, advised merchants to carefully read contracts, especially clauses that pertain to merchant categories and restricted or forbidden sales.
Mike Eckler
“Your acquirer and other payment service providers will ask you to classify your company by assigning a merchant category code,” he said, explaining that card brands Visa and Mastercard assign these codes based on a business’s products and services. “If your acquirer or the card brands discover that you have misclassified your business, it could lead to penalties and possible termination.”
David True, founding member of PayGility Advisors, a fintech and payments consultancy, and president of industry trade association NYPAY, whose 30-year career includes senior roles at American Express, Mastercard, and other payments organizations, advised merchants to consider card brand requirements when applying for processing services.
“From a merchant’s perspective, the first consideration is avoiding scrutiny by adhering to card brand rules,” he said. “A processor or acquirer doesn’t have the final say on a merchant’s degree of risk or eligibility; these decisions are based on card brands.”
Unaligned Risk Appetites
True further noted that some agreements extend beyond card brands and processors to payment gateways, independent sales organizations (ISOs), and third-party vendors. “There are all kinds of relationships in the business,” he said. “If you’re an ISO, you must ensure that your acquiring bank will support a merchant category before you board accounts. If you’re a bank, you need the risk tolerance and back-office controls to support that category. If you’re a merchant, you need to align with service provider expectations and risk appetites.”
David True
True recalled an ISO pitching a bank on a new merchant category, claiming the rewards would outweigh the risks. The bank agreed, he said, due to its longstanding relationship and trust in the ISO’s due diligence, customer verification, and underwriting processes.
Eckler agreed that relationships matter in payment processing but pointed out that some categories are relatively higher risk and more likely to be shut down by processors, card brands, or acquirers. These categories include gambling, dating and adult content, health products and supplements, credit repair services, and illegal or potentially illegal sites that traffic in weapons and counterfeit goods.
Hence merchants should avoid activities that could potentially damage card brand reputations, Eckler added, stating, “Card brands protect their reputation carefully and will punish or ban merchants that tarnish it.”
Excessive Chargebacks
Proactively monitor customer inquiries, disputes, and refunds, experts advised, to keep chargeback ratios below the standard industry rate of 1% — one chargeback for every 100 transactions. Eckler suggested merchants consider providers that screen and score transactions before acceptance.
“Many services are provided as a value-add while others charge a fee,” he said, advising merchants to weigh additional expense against the cost of handling chargebacks. “By the time you factor in chargeback fees, potentially lost goods, and time and effort spent investigating and fighting chargebacks, it may be worthwhile to pay a small fee to screen for fraudulent transactions.”
Eckler stated that larger merchants may consider other services such as rapid dispute resolution, Visa’s Order Insight, and others, adding that contrary to popular belief, chargebacks are not always bad. “A small number of chargebacks for a high-volume merchant usually means that the merchant is taking a reasonable amount of risk to win business from new markets.”
True suggested reviewing chargeback reason codes for clues about customer trends and behavior patterns. Visa recently rolled out a program that assesses customer buying patterns and identifies out-of-pattern behaviors, he said. Merchants can leverage this capability.
“Think about what triggers your chargebacks and whether the causes are service- or product-driven,” he said. “If you’re new to the business, research chargeback issues that others have in your space. Most importantly, post clear return policies on your website and invite an independent and objective source to review these policies and terms and conditions to confirm they are clear and understandable.”
Subpar Security
Fraud is ever-present in ecommerce, but experts noted that PCI DSS compliance and tech-driven tools can protect companies, customers, and infrastructures from known and emerging threats. Eckler sees fraud as a cost of doing business and advised owners to train employees to recognize phishing [fraudulent communications] and social engineering [false representatives to obtain info] that could lead to a ransomware attack.
True stated that fraud never sleeps, so merchants need always-on, always-connected fraud prevention solutions. “Studies have shown that first-party fraud [customers deliberately providing false info] and friendly fraud [dishonestly disputing a purchase] account for 60 to 70% of all chargebacks,” he said. “Shop for a vendor with next-gen technologies to continuously monitor, detect, and remediate fraud.”
True acknowledged that most ecommerce businesses don’t want to encumber customers with added security features at checkout but urged merchants to weigh the risk of a few lost sales from those features against the costs of a security breach.
Ecommerce websites must accurately reflect their brands and offerings, True stated, and businesses must advise processors of any plans to change a website, product category, or campaigns that could drive up transaction volumes.
“If you’re planning to change your business, advise your acquirer so they can pass it upstream and provide an explanation. Don’t rely on acquirers’ salespeople to pass this message, because they may say ‘that’s great’ without seeing the potential red flag.”
