
Account Takeover: Understanding A Growing Threat

You do everything to protect the payment information of your online customers, from partnering with the best credit card processing company to staying PCI compliant. But are your customers’ online accounts safe? A growing trend in fraud is called Account Takeover, or ATO. Fraudsters do just that: weasel their way into another user’s account to profit from what’s there.

From 2015 to 2016, there was a 31 percent increase in incidents of ATO, with a whopping 61 percent increase in losses. This rise may partially be blamed on the added security that has come from the widespread adoption of EMV technology; fraudsters are shifting strategies to areas that still present an opportunity. Customer accounts are just such an opportunity, as they typically have flimsier security.

Why It Works

First off, ATO is hard to detect, as retailers can’t really see much that looks suspicious. It’s up to the customer to notice, but fraudsters can easily take steps to hide their activity, such as changing the email account that receives notifications. Once the fraudster has an account, there is a wide range of ways to make it pay, from using up stored credits, to phishing other users from the safety of the account, to selling the info gained on the black market. The potential is huge.

All Need To Be Wary

It may seem like only the big boys like Amazon need worry about this type of fraud, but even smaller online vendors are susceptible to ATO. That’s because fraudsters routinely rely on bots to do their dirty work. Bots use brute computing force to test huge numbers of stolen usernames and potential passwords across a huge number of websites, looking for a way into as many accounts as they can. It seems improbable, but this method can work surprisingly well; some researchers estimate a success rate as high as 2%, and just a few payoffs make it worth their time.
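The two behaviours described above (one source trying many usernames with few successes, then a change to the notification email on an account it got into) can be checked for in login logs. The following is an added example, not code from the original article; the event format, sample data and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source_ip, username, event, succeeded)
EVENTS = [
    (0, "203.0.113.7", "alice", "login", False),
    (5, "203.0.113.7", "bob", "login", False),
    (10, "203.0.113.7", "carol", "login", False),
    (15, "203.0.113.7", "dave", "login", False),
    (20, "203.0.113.7", "erin", "login", True),
    (25, "203.0.113.7", "frank", "login", False),
    (140, "203.0.113.7", "erin", "email_change", True),
    (300, "198.51.100.20", "grace", "login", False),  # ordinary typo, same user retries
    (310, "198.51.100.20", "grace", "login", True),
    (900, "198.51.100.20", "grace", "email_change", True),
]

def detect_stuffing(events, min_users=5, max_success_rate=0.25):
    """Map each suspicious source to the usernames it logged in as.

    A source is suspicious when it tried many distinct usernames and only a
    small share of them succeeded (thresholds are illustrative assumptions).
    """
    tried, won = defaultdict(set), defaultdict(set)
    for _, ip, user, event, ok in events:
        if event == "login":
            tried[ip].add(user)
            if ok:
                won[ip].add(user)
    return {ip: won[ip] for ip, users in tried.items()
            if len(users) >= min_users
            and len(won[ip]) / len(users) <= max_success_rate}

def at_risk_accounts(events, window_s=3600):
    """Accounts a suspicious source got into, and whether the notification
    email was changed from that source within window_s of the login."""
    flagged = detect_stuffing(events)
    result = {}
    for ts, ip, user, event, ok in sorted(events):
        if user not in flagged.get(ip, ()):
            continue
        if event == "login" and ok:
            result.setdefault(user, {"login_ts": ts, "email_changed": False})
        elif event == "email_change" and user in result:
            if ts - result[user]["login_ts"] <= window_s:
                result[user]["email_changed"] = True
    return result

if __name__ == "__main__":
    print(at_risk_accounts(EVENTS))
```

Accounts returned here are candidates for a forced password reset and a notice sent to the previous email address, since the current one may already belong to the fraudster.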

What To Do

What can be done to protect customers? Offering two-factor authentication and putting measures in place to stop bots are a few ways. If you are a small business, the most important step to protecting your customers’ accounts is to rely on a trusted, up-to-date e-commerce provider that uses the most advanced security measures available.

You can also encourage your customers to use safe password habits. One bad habit that can enable ATO attacks is the common practice of reusing the same username and password across many sites. If those credentials are compromised on one site, it becomes possible to access more accounts.

Becoming fully aware of the problem is the first step; making sure you’re partnered with the best credit card processing company and most dependable e-commerce provider is next. Your customers will be none too understanding if your site’s accounts are compromised, and the blame doesn’t fall on the e-commerce provider: it falls on you. Do everything to keep them safe.


Surcharge FAQ

Surcharge Compliance

If you are considering introducing a credit card surcharge for your patients, it is important to understand that there are specific rules and regulations that must be followed when enrolling in and operating under a surcharge plan.

This article provides a general overview of common surcharging requirements. This content is provided for informational purposes only and does not constitute legal advice. It is the responsibility of each merchant to review, understand, and comply with all applicable laws, card-network rules, and regulatory requirements, including notification timeframes, signage requirements, surcharge percentage limits, and jurisdictions where surcharging is prohibited.

If you are unsure about the laws or regulations applicable to your practice, you should consult with qualified legal counsel. Moolah assumes no liability for a merchant’s compliance or non-compliance with credit card surcharging rules or regulations.

Transparent Communication
Card networks, including Visa, Mastercard, Discover, and American Express, require merchants to clearly and transparently disclose when a credit card surcharge is applied.

Practices must clearly notify patients of a credit card surcharge through appropriate signage placed at the practice entrance, at the point of sale or terminal, and anywhere payments are accepted. If payments are accepted online, surcharge disclosures must also be clearly visible on the practice’s website. All disclosures must inform patients that the surcharge applies only to credit card transactions.

Surcharge Limits
Credit card surcharges must comply with both card-network rules and applicable law. The surcharge amount may not exceed the merchant’s actual cost of accepting credit cards and may not exceed 3% of the total transaction amount.

Card-network rules cap credit card surcharges at 3%, meaning that if a merchant’s processing costs exceed this amount, the excess portion cannot be passed on to the patient.


Warning
The following is a general overview of credit card surcharging rules in the United States. Merchants are responsible for understanding and complying with all applicable requirements.

Network and State Restrictions
The major credit card networks, such as Visa and Mastercard, impose specific requirements related to surcharge limits, advance notification, and disclosure.

In addition, several U.S. states and territories regulate or prohibit credit card surcharging. At the time of writing, credit card surcharging is prohibited in Connecticut, Maine, Massachusetts, and Puerto Rico. Other states, including Colorado, Minnesota, Mississippi, New Jersey, and New York, impose restrictions on surcharge amounts or require specific disclosures.

If your practice operates in a state that restricts or prohibits credit card surcharging, you must fully understand and comply with those requirements before implementing a surcharge.

Debit card transactions may never be surcharged, even if the debit card is processed as a credit transaction.

Applicability
Credit card surcharges may be applied only to credit card transactions. Other payment types, including debit cards and alternative payment methods, are not eligible for surcharging.

Regulatory Compliance
Merchants are responsible for maintaining ongoing compliance with all applicable card-network and legal requirements. This includes meeting advance notification obligations, using compliant signage and disclosures, adhering to surcharge percentage limits, and respecting jurisdiction-specific restrictions.

By following these guidelines, dental practices can implement credit card surcharging in a way that aligns with card-network rules and promotes transparency with patients. Clear and upfront communication helps maintain patient trust and supports a positive payment experience.