Credit card processingFees remain one of the topthree concerns for convenienceretailers—and though it seems reasonable to expect that improving datasecurity at the point of sale would cutcharges because it lowers transaction risks,experts say this is not the case.

"I don't know if anyone has ever beensuccessful in presenting improved securityas a reason for getting a lower interchangerate," said James Hervey, global productmarketing manager for Radiant Systems'Global Petroleum and Convenience RetailDivision. "However, that doesn't meanthat retailers can't negotiate better rateswith their acquirers."

As all c-store owners already know,the interchange fees charged by card companies to the acquirer companies who up the lion's share of the credit transaction costs that merchants bear. But whatsome don't understand—and what mostacquirers don't tell them—is that interchange rates are largely driven by thetype of card a customer uses. For example,affinity cards that provide rewards, suchas flyer miles to cardholders, are chargeda higher interchange rate simply becausecard companies pay for those rewards.

Most c-store transactionsnon-standard
Up to 70% of credit card transactionsat c-stores are probably processed at ahigher rate than the standard interchangefees set by the four major U.S. card issuers,according to Sanford Brown, chief salesofficer for Heartland Payment Systems Inc.However, Brown pointed out that whilemerchants can't discriminate in the kinds of cards they accept, knowing which cardscarry what costs provides more powerto negotiate lower rates with the acquirers who determine the final processing fee costs.

"Many processors will increase processing fees and their gross marginsby levying a surcharge, often as high as 1% or more, in addition to the increasedinterchange on the transaction,"Brown said. "Because the process is complicated, few merchants have the time to understand that they couldnegotiate a better price with their cardprocessors."

As evidence, Brown cited the classaction lawsuit filed against Visa andMasterCard several years ago for charging acquirers the same interchange rate fordebit card transactions as for credit cardtransactions. The outcome was a court order that directed Visa and MasterCardto lower the interchange fees they chargeacquirers for debit card transactions andrebate $3 billion in past overcharges toacquirers. Though all acquirers passedthese savings on to their large retailer clients, only Heartland Payment Systemsautomatically issued refunds to its smallbusiness customers as well. The samesettlement allowed merchants to choosewhether they wanted to accept only debitcards, only credit cards or both.

Most acquirers continue to keep theretail price the same and put extra moneyin their own pockets, which leads Brownto stress that the most important stepc-store owners can take to reduce cardfees is insisting that processors discloseboth the interchange rates they chargefor the transactions and the margins theyexpect to earn.If those margins are thesame for credit and debit card transactions—or if the processing agreementcontains unexplained or unnecessaryincidental fees—merchants should finda processor willing to pass along savingsrealized on interchange rates instead of pocketing them.

U.S. fees are world's highest
Even though improving point-of-sale(POS) processing security won't get you alower processing rate, card companies doprovide safe harbor protection from fines for merchants whose data security precautions meet the Payment Card IndustryData Security Standard (PCI DSS), thecomprehensive set of requirements forenhancing payment account data security for businesses that accept credit cardtransactions set by the card industry.

Still, Mike Newman, president ofNOCO Express, noted that U.S. merchants continue to pay the highest creditcard processing fees in the world. "There'sno economy of scale for the U.S.; all consumers are paying it," Newman said. "Five years ago, we were paying around $280,000 a year in interchange fees, andthis year we'll exceed $2 million. It certainly has hurt our bottom line and ourability to continue growing."

And as if high fees weren't bad enough,Newman said that becoming PCI-compliant demands more time, money energythan many retailers can afford. "Personally,I think this PCI thing came from creditcard companies' unwillingness to dealwith security flaws in their own datastorage systems," Newman said. "Cardcompanies went headlong into electronicPOS before they realized that system theyhad constructed had flaws, then requirethe retailers to fix it."

Scott Hartman, president of Rutter'sFarm Stores, agreed that PCI complianceis a big issue for the c-store industry, thecomplexity of which depends on the sizeof the retailer. However, he said, manyretailers missed a key PCI compliancedeadline last spring and another onelooms in December.

Though all card companies want merchants to meet the PCI standards, eachhas developed its own program forimplementing and enforcing PCI compliance. Links to these and more complianceissues are available at www.pcicomplianceguide.org.

Hervey points out that all of these programs are methods for enforcing the samesecurity standards, so when a POS hasmet the PCI standards, it should automatically be compliant under the enforcementprograms written by each card provider.

Push cash alternatives and zipcodes
Reducing the amount of credit cardfraud is the other major way that c-stores can lower their credit costs. JimSmith, president of the Florida PetroleumMarketers and Convenience StoreAssociation (FPMA), said fraudulent cardcosts ultimately come out of merchants'pockets because card companies bouncecharges back to retailers, with whom theysay the responsibility for verifying cardownership resides.

"I was a retailer for 22 years, operating44 convenience stores," Smith said, "andnot once did I ever have an oil companyabsorb fraudulent credit card charge."Pay-at-the-pump, where no employee ispresent to ask for identification, has created a fraud potential unique to gasoline retailers, which is why somany c-stores are programming their pumps to require purchasers enter their zip codes in order to complete gas purchases.

"The more prevalent zip code security becomes, the more ofa positive impact it will have in our industry," Smith said, adding that Petroleum Marketers Association of America (PMAA) isworking to forge an alliance with an acquirer to reduce members'processing costs. "There's no way to know if this will bear fruit,but we can't afford to stop trying," he says. Another cost savingmeasure Smith advocates is offering customers a discount for paying cash for their gas instead of using their credit cards.

Some retailers may be hesitant to gather zip code data, saidMary Vinson, director of operations for Donnini Enterprises.Several of her company's dealer operators initially refused toinstall zip code prompting for fear that customers would find theadded step inconvenient and begin buying their gasoline elsewhere. "They really got hit with this last round of credit cardfraud in Florida," Vinson said. "Zip code prompting isn't a complete solution, but it definitely helps."

Two initiatives, same goal
Two initiatives that help educate merchants about the processing fee alternatives they have are Heartland PaymentsSystem'swww.merchantbillofrights.com and the NACS supported Merchants Payments Coalition described atwww.unfaircreditcardfees.com.

NACS Director of Communications Jeff Lenard highlightedthe recent Congressional hearings on interchange fees as evidencethat simply trying to get the credit card companies to reveal howthey determine fees is challenging.

Card companies are quick to point out that credit cards areone of the greatest innovations of the 20th century. "They're absolutely right," Lenard said. "But this is the 21st century and theonly innovations we're seeing are new ways to defend high interchange rates."

As Jim Smith so succinctly put it, "When you're the 800-poundgorilla, you don't have to explain anything to anyone. You can justsit there eating bananas and growl at people who walk by."

Secure steps Unfortunately, point-of-sale (POS) terminals have emerged as a weaklink in the data security chain, according to Avivah Litan, vice president and research analyst for Gartner Inc., a technology research firm based in Stamford, Conn. Many retailers are unaware that their POS systems collect enough data to create areplica card, Litan said, and though hacks into the customer data files of banks and bigcompanies receive most press coverage, the greatest number of data thefts actually occurat small businesses. Litan advised that small chain operators and single storeowners—who now make upmore than 60% of the convenience store channel—outsource payment processing andobtain the software and terminal from their payment processors, making certain that theircontracts with processors clearly state that any breach in software is the service provider'ssole responsibility. James Hervey, global product marketing manager for Radiant Systems Global Petroleum and Convenience Retail Division, said the best protection is adhering strictlyto the PCI Council's Payment Applications Best Practices guidelines (PABP) for POScard transactions. Hervey also strongly advocated performing security background checks on every employee to enhance POS security, and switching to self-swipe card readersso that clerks can't steal data when customers aren't watching. "Most of the timefraud isn't caused by a gang hacking into a database, but by an employee using a skimmer," he said.