The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired.
The Basics
In any credit card transaction, there are five major players: the consumer, the merchant, the issuing bank, the merchant's bank and the credit card companies themselves. Here's how it looks:
- The consumer hands his credit card over to the merchant
- A message is sent to the issuing bank, the bank that gave the consumer his credit card
- Money is transferred to the acquiring bank, where the merchant has an account that allows him to take credit cards
- Money is deposited to the merchant from the acquiring bank
- A slight deduction is sent back to the issuing bank, which the issuing bank shares with credit card company networks such as Visanet or The Mastercard Network
Visa and MasterCard are not banks, although the logo does show up on bank-affiliated credit cards. They are simply credit card companies that help companies process credit card payments. American Express and Discover work differently in that they issue their own cards and process credit card payments through their own networks.
For Consumers: The Safest Ways to Run Your Card, Ranked
We talked to Beverly Harzog, a personal finance expert, consumer advocate and author of Debt Escape Plan and other books on consumer finance.
Chip and PIN card, in store
This is the highest level of security available because you benefit from both the chip encryption and having to use a PIN to complete the purchase. Unfortunately, although chip and PIN cards are very common in Europe, fewer chip card issuers in the U.S. require a PIN.
Chip and signature card, in store
Signature verification is less secure than requiring a PIN. But if the merchant has an EMV terminal that accepts chip cards, you're ahead of the game, since chip card transactions are harder to hack.
Swipe cards in stores or online transactions
These two transactions are about equal when it comes to security. If you're swiping a credit card, it's possible for the information in your magnetic strip to be cloned or hacked. And the same goes for an online transaction where you're entering all of your information—if that merchant is compromised, your info is accessible.
Manual
If a merchant takes an imprint of your card—and very few merchants are still doing this—you're at risk, since there's now a paper copy of your credit card number and expiration date.
Debit card
In all circumstances, it's safer to pay with your credit card than your debit card, since credit cards come with greater consumer protections in general. Plus, if someone hacks your account, they don't have access to the money you need to pay your rent or mortgage.
For Merchants: Choosing a Credit Card Processor
The best place to start may be your bank, since you already have a relationship with it. Compare it to other processors, and ask these questions:
Virtual Processing: How to Accept Credit Cards Online
A payment gateway
This enables you to authorize transactions. You can find a payment gateway with a service such as Authorize.net or Sage.A readymade store platform
If you're selling goods, consider setting up on a platform that allows you to accept payments as part of the format. Sites such as Etsy, eBay and Shopify are good examples.Combo payment gateway and merchant account
You can set this up with a company like PayPal or Stripe, and it may involve fewer fees than setting up a merchant account separately, depending on the size of your business.
3 tips for online merchants
If someone makes a fraudulent purchase on your site, you are liable (not the credit card issuer). Here are three ways to be more cautious with your transactions:
Put fraud detection measures in place
Be vigilant about purchases. This may include manually checking your orders for things that look strange or out of place, such as larger-than-usual transactions, a shipping address that doesn't match the billing address or multiple orders to a foreign country (if you don't usually ship internationally).
Investigate EMV options
The technology does exist to accept online EMV payments. Consider the Chip Authenticated Program (CAP) from MasterCard and Dynamic Passcode Authentication (DPA) from Visa. These options are more prevalent in Europe than in the U.S., but you may want to ask your bank, card issuer or merchant account provider if they support the technology.
Use software
Some payment gateways or processors have fraud detection programs you can implement, such as Authorize.net's Advanced Fraud Detection Suite.
In-Person Processing: the Credit Card Terminal and Other Products
Traditional retail terminals
If you're dealing with customers face-to-face, you will likely be swiping physical credit cards. One method of doing this involves a countertop point-of-sale model that you're probably familiar with—it sits at the check-out point and allows you or your customer to swipe a credit card and enter a PIN if you process debit or EBT (electronic benefit cards transferring funds from state benefits) cards.
Mobile and wireless terminals
Some companies also offer the ability to accept credit cards via your smartphone or tablet using some add-on hardware and a downloadable app. This allows you to accept credit cards and debit cards wherever you do business—even on the go—although you may not be able to process debit cards that require a PIN.
EMV compliant processors
As of October 2015, merchants that accept credit cards without using an EMV chip-card terminal are liable if fraud occurs from that transaction. (It's no longer covered by the credit card company if you aren't using an EMV terminal.) To protect yourself, you should have the ability to process EMV cards.
You may also want to see if the company you're purchasing from is Payment Card Industry (PCI) compliant. Being PCI compliant means your data is protected if there is a breach, making your card transactions secure.
Mobile Card Processors
If choosing a processor is making your eyes cross, there are services out there that allow you to make transactions using your smartphone or tablet, bypassing a merchant account. Using Square, for instance, you would enter credit or debit card details manually, or use the company's free magstripe card reader that plugs into your audio jack. You pay 2.75 percent of every swiped credit card transaction, or 3.5 percent plus 15 cents to enter the information manually, and the money is deposited into your bank account. There are no other fees.
Square reserves the right to shut down your account if you violate their terms of service or pose a high credit risk. Generally, Square is a better processing choice if your business is somewhat established, if your transactions are lower in average price point (under $100), if you aren't processing a huge volume of transactions, and if you're swiping or taking chip cards (not entering them manually).
There are other Square-like processors to consider, as well, such as Flint, PayPal Here, GoPayment, and Local Register.
Resources for Businessowners
- U.S. Small Business Administration, Accepting Credit Cards
- U.S. Small Business Administration, Online Payment Services
- National Federation of Independent Business, What You Need to Know About Mobile Payments
About Kate Ashford
Editorial Disclosure: Opinions, reviews, analyses and recommendations are the author’s alone and have not been reviewed, endorsed or approved by any bank, credit card issuer, hotel, airline, or other entity. Learn more about our editorial policies and expert editorial team.
Advertiser Disclosure: MoneyGeek has partnered with CardRatings.com and CreditCards.com for our coverage of credit card products. MoneyGeek, CardRatings and CreditCards.com may receive a commission from card issuers. To ensure thorough comparisons and reviews, MoneyGeek features products from both paid partners and unaffiliated card issuers that are not paid partners.