What Are Other Merchants Saying?
Here at CPO, we review every comment that we receive from our readers, and sometimes we see merchants mention a topic that isn’t covered in our reviews. To help you stay on top of the trends and issues in the credit card processing industry, we’ve gathered the following merchant complaints posted to CPO during May and June. If you would like to respond or add your thoughts to any of these comments, please follow the links to the original comments and reply to them directly, or leave a comment of your own below the appropriate company’s review.
A New Heartland Monthly Fee
Need to updated your review on Heartland, they just started charging $125/month PCI compliance Fee. As a small business owner that had 3 stores with standalone CC machines….and working software security for 30 years in Dod, FBI, CIA… the questions are a joke. 95% of the questionnaire should be filled out by Heartland. I don’t have access to any of the hardware on their standalone hardware. I have no idea how cryptic the credit card info is sent over net.
We have received a steady stream of complaints regarding Heartland’s increased fees ever since the company was acquired by Global Payments in late 2015. This most recent fee sounds more like a PCI non-compliance fee due to its monthly recurrence and the fact that Larry mentions extra paperwork.
Regardless of its actual name, an extra $125 per month is one of the highest recurring fees we’ve seen in the industry. Merchants who suspect that they may be paying this fee are encouraged to find and eliminate it with a third-party statement renegotiation service.
Watch Out For Unexpected Research Fees
Paya (Sage Payment Solutions, whatever, same company) sent me a 1099(k) listing all of the money I received from customers. As you might imagine this resulted in a letter from the IRS, claiming that I under-reported my income, as I also received 1099(k) forms from my actual customers.
In attempting to remedy this issue with Paya, I was shuffled from one “customer service” to another, over the course of two hours.
Finally, exhausted, I called once more to the ‘Virtual Terminal‘ support desk, and simply asked for help generating a report for that tax year listing the payer and amounts paid. Simple enough.
I just received an email informing me that they charge $55 per hour and would require 10-15 days to complete this simple archive search.
If you choose to use Sage Accounting and/or Paya processing services, this is what you can expect.
Mike Payne’s June 12 comment reports a similar situation:
I used Braintree, Squareup, and Paya. Closed business for move. Had IRS problem pop up. Needed access to two year old statements. With braintree and Square, I was able to go back as many years as I had account. With Paya, I am sealed off. They said the “research fee” is $55 per hour and then $10 per statement. I don’t begrudge them the right to do as they like, but these sorts of things are not on someone’s mind when first time starting out in a small business venture. Mind you, I do not know if it would have been better if they were still Sage.
These “research” fees that charge an hourly rate for simply obtaining documentation may seem rare, but they’re actually a common inclusion in most merchant account contracts. In our view, $55 per hour is a bit of a steep rate for a processor to simply dig through its own archives. Merchants may be able to mitigate their risk of paying these fees by documenting as much as they can on their own, but the only reliable form of prevention is spotting where this clause is hidden in your contract and negotiating its removal.
Card Swipes Are Now Liabilities
There was a dispute to my account through Square in June 2018, even though the dispute it was based erroneously on an unrecognized charge, because it was a chip card and I only had a stripe reader it was automatically an EMV dispute and immediately found in their favor. Funds were taken from my Square account funded by my credit union, shortly thereafter the client realized the mistake end canceled the dispute before the funds were deposited back in their account. The bank that received the refund then reversed it and transfered it back to Squares bank. However, Square denied any evidence of the refund, the bank sent documentation and Square claimed it wasnt what was required. Then the bankcalled Square directly, but they were unable to convince Square of the reversal or aquire a statement of what they DID need from them. I was finally told i needed a letter from the bank, which i sent email, that wasn’t good enough, they needed tangible affirmation that the dispute was canceled and required I phisically go to a branch of the bank and retrieve a printed letter stating reversal. I did that also, then they said I would see the funds 5-7 business days later. After 2 weeks I contacted Square again, now I would have to wait up to 4 months for the reversal. I waited 9, months and contacted Square yet again, only to start from scratch again.
After several dozens of frustrating emails claiming they had received nothing from the bank, and blatant disregard for the documents I submitted again, I was able to get them to acknowledge the info I sent, denied it was what they previously accepted as proof, yet couldn’t tel me what it WAS, saying. I was told that Square and their aquiring,bank were waiting for return of funds from the bank. They told me I had to wait until they got the funds back. It’s been almost a full year since the bank assures me the funds were sent to Square, so clearly unless I can make headway in this debacle, I will never be refunded. ANY insight would be greatly appreciated.
Aside from Square’s refusal to assist Keavan, the most noteworthy detail in this comment is the fact that swiped transactions made through non-EMV compatible machines will now automatically fail any chargeback dispute. This means that if you accept a swiped payment through a credit card terminal that is not EMV-compatible, and the customer files a chargeback for that payment, then any attempt you make to challenge that chargeback will be automatically dismissed in the merchant’s favor. The only way to avoid this scenario is to ensure that you purchase a quality EMV terminal at each of your locations.
Assigning Blame After a Hack
We had someone hack our Shopify store and because they don’t have two step authentication like our other payment processors the hacker easily changed our account number to theirs and was putting all of our deposits into a bunch of diff accounts. Once we found this out we had been frauded for over 100k and Shopify blames Stripe and Stripe blamed Shopify both said there was nothing they could do. BEWARE they offer NO protection to their customers. We are switching payment processors and getting a lawyer.
This is an odd case due to the relationship between Shopify and Stripe. While Shopify provides an e-commerce store for merchants, Stripe processes the actual payments through that store. This means that the initial breach may be due to lax security in Shopify’s platform, but Stripe facilitated the payments to multiple dummy accounts without detecting fraud. In either case, it may be difficult to assign the blame and obtain legal relief for criminal activity conducted through either provider’s platform.
Both Shopify and Stripe actually do offer two-factor authentication for store owners, but Shopify does not permit store owners to set it up for their staff members. Merchants are always encouraged to understand their exposure to hackers and prepare accordingly.
Have you had an experience that you would like to share with these commenters? Reply to their comments and you may be featured in next month’s complaint roundup!