Form 1099-K: What Business Owners Need to Know

Receive a 1099-K form? Not sure what it is or what it’s used for? Here’s a brief overview to get you quickly up to speed and in the know this tax season.   

What is a 1099-K? 

Form 1099-K, also called Payment Card and Third Party Network Transactions, is an IRS information return form that is used to report transactions that are made by a payment settlement entity.   

In other words, if you use a service, like the payment processing provided by Constellation Payments, a third-party processor to process your credit cards and debit cards online, the transactions that were processed by the payment settlement entity are reported on Form 1099-K. 

Who is Issued Form 1099-K? 

Form 1099-K forms are mailed to our customers via USPS and are sent to the same address where monthly statements are sent. 

A copy is simultaneously sent to both the IRS and the merchant.  

It’s important to note that not all business owners who process credit card and debit card payments online are issued a 1099-K. There are minimum reporting thresholds. In most cases, a 1099-K is not issued unless: 

The payment settlement entity processed more than $20,000 worth of payments on behalf of the merchant annually, AND the payment settlement entity processed more than 200 individual transactions on behalf of the merchant annually. 

What Should I Do with My 1099-K? 

Form 1099-K should be used when preparing your annual tax return. According to the IRS, separate reporting of the transactions on Form 1099-K is not required.  Be sure though to add the income that is reported on your 1099-K to your total business income when you file your taxes.  
For more information, see the General FAQs on Payment Card and Third Party Transactions from the IRS.   

Have a question regarding Form 1099-K that wasn’t answered here? Post your question below or visit our Support Hub Portal.

Share this article:


PCI Data Security: The #1 Misconception That Can Harm Your Business and Its Reputation

There’s a common misconception about PCI compliance, that, if not addressed, can seriously harm the very business and professional image you’ve worked so hard to build.

The misconception? That your business does not need to become PCI compliant and renew its certification each year.

It’s easy to see how this misconception could come about. Most small businesses use a business management software, and work with third-party merchant services provider, like Constellation Payments, to help run their business.

Yes, the software provider is PCI-certified, and the merchant services provider is also PCI-certified.

However, working with PCI-certified vendors does not exempt a business from having to show their own compliance. All businesses that participate in the payment transaction process must adhere to PCI compliance standards. The process includes more than running payments through your software.

The payment transaction process includes how credit card and debit card payment information is handled at the front desk in fitness clubs and gyms, at the counter in salons and spas, on a tablet for on-the-go businesses like personal training, at the register in a retail store, and so on.

How Do I Get My Business PCI-Certified?

To become PCI-certified, your business must complete the self-assessment questionnaire annually.

Fortunately, there are many resources to help with PCI certification – ones that make it a relatively pain-free process.

At Constellation Payments, as part of our solution, each merchant is enrolled in the PCI Plus Protection Program that’s provided by well-known Quality Security Assessor, Sysnet.

What’s great about this program is that you get hands-on help. The team at Sysnet will guide you through the entire process to help you complete your self-assessment questionnaire (SAQ). And they’ll confirm all answers.

Once the questionnaire is completed, you’ll be able to download your validation certificate and then send the certificate to your merchant processor to have on file.

What Happens if My Business Isn’t PCI-Certified?

1. You could lose the ability to accept credit cards.

If there are possible breaches of card association regulations, the card brands could revoke your right to process credit cards.

2. You could get hit with a big financial loss.

Non-PCI-compliant merchants can face fines of up to $500,000.00 in the event of a data breach.

In addition, PCI non-compliance can result in penalties ranging from $5,000 to $100,000 per month by the credit card companies. These penalties depend on the volume of clients, the volume of transactions, the level of PCI-DSS that the company should be on, and the time that the company has been non-compliant. For example, the penalties for a Level 1 company that has not met the requirements for more than 7 months, could reach up to $100,000 monthly.

Merchant level identification is based on the total volume of transactions per year. See VISA’s site for detail on each level and level requirements.

3. You could lose clients and business.

All it takes is one data breach – no matter its size – to damage your business financially and inflict irreparable damage to your business reputation.

4. You’ll be subject to monthly non-compliance fees.

US businesses that have not completed their annual self-assessment questionnaire, and have not demonstrated PCI-DSS compliance, are subject to a $59.99 per month non-compliance fee.

At Constellation Payments, this fee is meant as an incentive to complete your PCI compliance self-assessment questionnaire to ensure you’re handling and processing credit and debit card payments in a safe and secure manner. Once a merchant has completed their questionnaire demonstrating compliance, the fee drops to $0.

The Benefits Beyond Data Security

Being PCI compliant doesn’t just ensure your business is following the rules and regulations. PCI compliance also helps your business growth and reputation. Knowing your systems are secure, consumers can trust you with their sensitive information and have confidence that their information is safe and protected.

Confident customers that trust you are more likely to do business with you again and become loyal, repeat shoppers. They’re also likely to recommend you to their friends.

Another key benefit of compliance: it improves your reputation with acquirers (banks and financial institutions that process credit and debit cards on your behalf).

Compliance also improves your reputation with payment brands such as VISA and MasterCard.

The Small Time Investment to Become PCI Compliant is Well Worth the Big Gains in Consumer Confidence and Peace of Mind

While it does take some time and effort to become PCI-compliant, it’s well worth it to gain customer trust and confidence — and avoid catastrophic data breaches that can destroy your business.

Not PCI compliant? Make today the day you become certified to protect your livelihood.

Or as the PCI Security Standards Council website so aptly states, “You’ve worked hard to build your business — make sure you secure your success by securing your customers’ payment card data.”

Share this article:


Global Payment Perspectives: Key Considerations that Can Make or Break Your POS Software Global Expansion – Part 2

Global POS photo

Thinking of expanding your POS software into international markets? Great! As a global merchant services company, we can help you do that. We’re able to provide a single gateway integration that allows software companies to enter foreign markets without having to integrate with multiple new banks and acquirers.

But First …

When going into new markets, I always advise my clients to make sure you’ve done your due diligence. In a previous post, I talked about the first step to take before entering international markets. Please check out that post first if you haven’t.

My last post covered specific considerations to take into account before global expansion.

There’s a bit more I wanted to cover, so let’s get into it and complete our list of key considerations.

1. Regional and Cultural Payment Preferences

Payment preferences are very different in different countries. You’ll want to know the common practices in the country you’re expanding into.

For instance, did you know, over 58% of online transactions that occur in Asia Pacific are done with alternative payment methods — not with standard credit cards or even direct debit?

In Asia Pacific, consumers pay with alternative payment methods like PayPal e-wallet services that are specifically geared towards specific regions.

Another example of payment differences: In Europe, especially in Germany, consumers prefer to set up direct debit for any transaction. Whether it’s their cable bill or gym membership, they are not accustomed to payment with a credit card. They prefer to use direct debit.

2. Consumer Behavior from a Consumption Perspective

You’ll want to consider different cultural differences when deciding which regions to expand into. For example, maybe you sell software used by fitness centers and are considering expanding to the Middle East-North African region. If one of those areas is primarily Muslim — which is one of the predominant religions in that region — you’ll want to consider making adaptations to your software to allow for cultural differences that would happen in a health club environment.

An example: you might want to provide the ability for women to have their own spaces or times to exercise without men present, and vice versa. You’ll likely want to account for that somewhere in your software so that the set-up of that software can include specific hours for specific groups that may need their own time.

3. International Fulfillment

If your product is typically sold domestically and you’re selling internationally, you’ll want to make sure your customer understands the logistics of shipping. Communicate the logistics by way of your marketing materials and website. Make sure the communication is clear and concise about what the fulfillment times are going to be, so that you set clear expectations.

4. Regulatory Issues

There are regulatory and legal issues to consider when moving into specific foreign markets. For example, the UK has specific, strict requirements to protect consumers from unauthorized charges. It takes a good while for a bank transfer to be authorized before you can begin debiting someone’s account.

If you want to debit someone’s account on the first of the month, that process needs to start anywhere from 10-14 days prior. There’s a customer mandate which is essentially the customer giving permission for you to debit their account and that must be submitted at some point 10-14 days prior to the day you want to debit their account.

Additionally, if consumers have an issue, you need to make sure everything is compliant. PCI compliance applies in all countries. Specific things about how customers will be charged needs to be communicated. If you are not a native speaker, you may need a website designer that can provide you a native language website and ongoing website support.

5. Legal Partner

It’s strongly recommended you hire legal counsel that can advise you to the nuances associated with moving into new international markets and make sure you’re following local laws of the region.

One international issue in some countries is that if you wish to process payments, you must have a local entity where mail can be sent and meetings can take place face to face with representatives of the company. This is particularly the case in the Middle East.

Yes, there’s a lot to consider before expanding internationally. And while this post and Part 1 of Key Considerations for POS Software Global Expansion give you a good starting point, it is by no means exhaustive.

However, I’m by no means trying to deter you from expanding. There’s much opportunity and business to be had when expanding globally. It’s just in your best interest to take the necessary steps to consider the entire picture along with the opportunity.

Many of Constellation Payments’ partners found integrating with our gateway more preferable than doing it themselves. With a single gateway integration, they were afforded access to multiple foreign markets and gained a partner already familiar with the payments landscape they were preparing to enter.

As always, if you have questions about our global payment capabilities or expanding your business into specific regions, feel free to give us a call at 888.248.7060 or send an email to


globeGoing Global: How to Successfully Sell Your Software Internationally

Considering expanding to international markets? Request a copy of our 30-minute webinar for more tips and guidance on growing your base outside the U.S.




Share this article:


What’s an ACH Payment? How Does ACH Benefit My Business? (Video)

What’s an ACH Payment? How Does ACH Benefit My Business? photo

The year 2000. That’s when I moved out of my parents’ house, and into the real world.

I remember a big part of my adulting was setting aside an hour or so once a month to “pay the bills”. Paying the bills required my checkbook. (Not a real book, a small 3” x 6” — usually pleather — folder with a pad of paper checks and ledger inside.)

Paying the bills meant I’d write out each check, fill out the remittance slip, put the check and slip into the supplied return envelope, and slap a postage stamp on the envelope. I’d then take my stack of envelopes to the mailbox for the post office to pick up and deliver. Delivery would take anywhere from 1 to 3 days depending on the vendor location.

Quite a process.

Today, all my bills are paid electronically online as ACH payments. It takes about 10 minutes to pay all 6 of my bills. I haven’t yet made the jump to automatic ACH, but know many who have. Automatic ACH means no time at all is spent “paying the bills”.

What’s an ACH payment?

You’re probably familiar with ACH payments and don’t realize it.

Have you ever gone to pay a bill online and you’ve been prompted to enter your bank routing number and bank account number? That’s an ACH payment.

But let’s back-pedal a bit. That acronym. What’s it stand for? ACH is the Automated Clearing House — the clearing center for all electronic payments that happen between banks and financial institutions in the U.S.

When people talk about ACH they’re usually referring to ACH processing — the process of moving funds from one bank account to another. Or an ACH payment — an electronic payment/eCheck — where you, the customer, give authorization for an institution to debit funds directly from your checking or savings account for bill payment.

How does a business benefit from ACH?

The benefits of ACH payment are clear for consumers: It’s much more convenient. Making an ACH payment is a lot faster than writing out a check and getting the payment into the mail on time. Plus, money is saved by not having to buy postage stamps.

For a business, there are many benefits to taking ACH payments, too. Some of the top benefits are:

Faster processing time — With ACH payments, it’s all online, so the processing time is much faster which means you get your money quicker. ACH payments are usually processed within 1-2 business days versus 5-6 business days it takes for the check to arrive in the mail and process it.

Cost-effective — With ACH payments, the funds are transferred from bank account to bank account electronically which makes the transaction cost very low and therefore, a more cost-effective payment method for businesses than accepting credit and debit card payments.

Especially cost-effective for businesses and organizations with recurring billing — The more transactions you have, the more transaction fees you pay. And if you run a business that charges a monthly fee, like a gym, or have customers that pay on a recurring basis, like a utility company, you have lots of transactions. ACH is particularly attractive for these businesses and organizations because they can accept payments in a cost-effective way.


Think ACH is right for you?

Obviously, ACH offers both businesses and customers the opportunity to save time and it provides major convenience. For businesses, you’re able to secure payments faster and save on transaction fees with ACH.

If you’re interested in learning more about ACH, or signing up to take ACH payments, give us a call at 888.244.2160 or fill out our simple online form. We’d be happy to go over the rates for ACH with you and help you get set up so you can start saving and streamlining your payment process.

Kristen Campbell is the Brand Manager at Constellation Payments. She is responsible for managing all marketing initiatives and programs including channel partner and merchant success programs, public and media relations, internal and external communications, and customer engagement. You can reach Kristen by sending an email to

Share this article:


Global Payment Perspectives: Key Considerations that Can Make or Break Your POS Software Global Expansion – Part 1

Global Payment Perspectives: Key Considerations that Can Make or Break Your POS Software Global Expansion – Part 1 photo

We recently held a webinar on Constellation Payments’ global payment capabilities. And while it’s extremely exciting to provide our partners with the opportunity to expand into different markets, we encourage our partners to be aware of the challenges they may face when expanding. And encourage them to have a plan to overcome those challenges.

Our last post covered the very first step in taking your POS software to international markets. It’s also extremely important to review this list of key considerations before moving forward into foreign markets.

Native Language Web Experience

If your product is marketed on the web or sold directly over the web, you’ll want to consider the native language web experience of your prospective audience. There is a large amount of evidence showing that you’ll get more sales and convert more leads from your site if there’s a native language version of your website in the regions you serve. For example, if you provide a product or service in Mexico, a Spanish version of your site is strongly advised.

Native Language Customer Support

What kind of inbound calls do you get today? Presumably you’re going to get similar calls from your international clients. How are you going to handle that? Should you get a third-party to handle support calls on your behalf? If not, should you consider online only, text-based support and judicious use of translation software? Knowing how you’re going to provide customer support is critically important.

Purchasing in Native Currency

This is very important because cart abandonment in ecommerce is a big issue. Put yourself in the shoes of a foreign consumer.

Say you were doing a search for a product or service you are interested in buying, and came upon a website written completely in Russian. You don’t speak Russian or understand Russian currency exchange, and now you’re deciding whether to hit the final button to pay with your credit card and make the purchase. Would you be OK with it? Would you be at ease?

Most people would be much more comfortable to read a webpage in their native language and pay in their currency. They don’t have to worry: “Did I get that exchange wrong? Am I overpaying?

13% of all cart abandonment in 2016 was due to prices not being presented in native currency. It’s important to present native currency on the marketing side and on the ecommerce side when it comes to the shopping cart experience.

Cash Flow Considerations

Consider native financial regulations. In North America, for example, funding happens pretty quickly. We’ve got a very robust internet backbone and robust financial system. Merchant processing and direct debit processing happens relatively quickly compared to the rest of the world.

On the other hand, you may be doing business in a foreign country where there’s a 10-15-day delay between purchase and funding into your account. Understanding those effects on your business is important so that you can make sure you have enough cash flow to float during that time.

No doubt this is a lot to take in. We’ll leave you with these four considerations and wrap up the list in our next post. If you have questions about our global payment capabilities or specific countries, payment principles, or regional differences regarding cash flow timing, please call us at 888.244.7060.

Share this article:


Global Payment Perspectives: The First Step in Taking Your POS Software to International Markets

Global Payment Perspectives: The First Step in Taking Your POS Software to International Markets photo

It’s an exciting time here at Constellation Payments. We’re expanding our global payment processing capabilities at a rapid pace. It’s a unique opportunity we can offer our POS software provider partners.

For example, if a partner wants to enter the European market, they don’t have to go with another gateway provider. We’re able to offer a single gateway integration that allows our partners to enter this market, and many others around the world, without having to integrate with multiple new banks and acquirers. One integration allows the ability to process with many, many processors. Partners get a single point of contact with us.

Thought it’s exciting and unique, expanding into international markets shouldn’t be done on a whim.

We know it’s very easy to get really excited about the opportunities to expand a business. But, you want to make sure that you don’t get so excited about the opportunities that you miss the challenges you’ll need to overcome to do things the way you want them to be done.


Before entering new global markets, we strongly suggest taking all challenges into consideration.

The best way of doing this is to perform a SWOT analysis on the countries and regions in which you’d like to expand.

A SWOT analysis means looking at your Strengths, Weaknesses, Opportunities and Threats. Strengths and weaknesses are internal factors that give your business an advantage or disadvantage, like financial resources, internal processes, and systems.

Opportunities and threats are external elements that influence your business like market trends, customer demographics, environmental issues, and suppliers.

After identifying the strengths, weaknesses, opportunities, and threats, you’ll want to have an internal discussion with your key product stakeholders of what markets are attractive to your software business and why.

Look at what offerings you have and make sure they’re as relevant in certain countries as they are in the countries you’re currently operating in.

How the SWOT Helps

If you’re born and raised in North America, you have a good understanding of how consumers feel about a product like yours. But when you’re entering a foreign country with different currency, different language, and a different culture, it’s very important to understand how your product or service is viewed by the prospective audience.

Is there a need for your product?

For example, we recently worked with a business that has an app with a payment component for personal trainers. They’re looking to expand into North America. A SWOT analysis revealed that there are challenges based on the current products that are currently on the market in North America. In this example, the SWOT analysis was key. The analysis uncovered the current competitive landscape and provided an eye into the future.

Deep Industry Experience Can Give You a Leg Up

If you have lots of experience with your industry, a great practice is to look at the foreign markets and say to yourself: “What’s missing from those markets? What’s missing that we can offer?”

Some emerging and foreign markets are a bit behind a more modern, robust market like a North American or European market. All the growing pains that have occurred and all lessons that have been learned in markets you’re familiar with can be applied into a new environment. That market may be lacking services and opportunities you can fill that others can’t.

Experience is also a key factor in choosing a payment processing partner. At Constellation Payments, many of our integrated partners chose us because we’ve done much of the work with regards to payments in these foreign markets already.

Bottom Line

Do your due diligence. Run a SWOT analysis. It’s important to note too that there are limitations to a SWOT analysis. We’ve seen very extensive SWOT analyses, but also very simple iterations that are more a summary than anything else. Regardless, a SWOT analysis of any kind is a good starting point and can provide valuable insight before venturing to foreign markets.

Should you have any questions about our global payment capabilities or performing a SWOT analysis, feel free to contact us at 888.248.7060.

Images courtesy of

Share this article:


The Equifax Hack: What You Need to Know, Steps to Keep Customer Data Safe

The Equifax Hack: What You Need to Know, Steps to Keep Customer Data Safe photo

By now we’ve all heard the story of how 143 million Americans (roughly half the US population) had their personal data compromised due to a breach at Equifax. It’s reasonable to be concerned about the security of your personal accounts. But what about your customers’ sensitive financial data?

With so many people affected, consumers are being inundated with admonitions to update their passwords, freeze their credit reports, and reconsider to whom they entrust their data.

Facing Facts

Whether you sell Point of Sale (POS) software or use it to run your business, it’s time to face facts. After all, if one of the largest custodians of consumer identity data can be hacked, POS software companies and the companies that use that software should assume the worst about their own vulnerability.

Fact 1: This breach was avoidable.

Equifax failed to implement a patch provided by a software vendor/partner for a known vulnerability discovered months prior to being exploited at Equifax.

Key Takeaway / Action Item

Remain vigilant and create mechanisms that ensure your software and any plugins, extensions, or API-connected applications are updated as soon as possible.

Automate where feasible. There are some risks to automated updates, including the possibility that an update could cause a system failure. Only you can determine if automation is right for your company, but it should at least be considered.

Many of North America’s largest POS software brands trust Constellation Payments as their gateway specifically because integration with our PCI Level 1 compliant gateway reduces PCI scope for them and their users.

Fact 2: Equifax fumbled the ball, fumbled the recovery of the ball, and fumbled the recovery of the fumbled recovery of the ball.

Equifax discovered the breach on July 29th, yet didn’t announce it until September 7th. They sent affected customers to a website that looked like a phishing site, and the mechanism for determining whether someone was a victim of the hack was easily spoofed by several security pros who entered dummy data; only to be told their dummy identities were likely compromised.

Finally, Equifax made the egregious decision to try to sell credit monitoring to those that received the bad news, making Equifax seem at best, callous and uncaring, and at worst, opportunistic and sleazy.

Key Takeaway / Action Item

Have a breach plan before you have a breach. Who would you call if this happened tomorrow? What would be the best, most effective measures to take upon learning that your company’s data was now available to anyone willing to purchase it on the dark web? Are there PR firms, Law Firms and Cybersecurity Firms you should have on speed dial?

One thing’s for certain the old saying that “a failure to plan is a plan to fail” never felt more fitting than it does in the case of Equifax.

Recommended reading: Check out: Your Cyber Incident Response Exercise. The article takes you through key questions and scenarios that should be discussed and documented with your team before a breach occurs. This preparation is invaluable. Having a plan in place will help you and your team properly respond to a breach in an organized manner, as opposed to being backed against the wall in a “what should I do …”, frenzied state during an actual breach.

Fact 3: Equifax put revenues ahead of security.

Financial disclosure documents show Equifax’s annual overhead had not increased in several years, while profits had increased steadily. It’s been speculated that Equifax may have been slow to fix the patch, because it would be very expensive, and might influence earnings. It seems obvious that a company with as much to protect as Equifax should be increasing its security budget steadily year after year.

Key Takeaway / Action Item

Dedicate a budget to cybersecurity, choose partners who have done the heavy lifting for you, review the budget and your plan at least once a year, and never settle for the minimum protections when it comes to sensitive customer data.

Bottom Line – Prevent, Prepare and Invest

Ensuring the security of your customers’ sensitive data should always be a top priority. Your customers trust you with their payment information. You should do whatever it takes to maintain that trust. Take the time to put proper security mechanisms in place.

Should a breach occur, know how to respond. A cyber incident response plan that can be used throughout your organization is something all businesses should have.

Lastly, never cut corners on data protection just to save some money. In the long run, it could cost you the business you’ve worked so hard to build.

Monitor image courtesy of

Share this article:


Payments Around the Globe: 5 Things You Need to Know Before Selling Products and Services Internationally

Payments Around the Globe: 5 Things You Need to Know Before Selling Products and Services Internationally photo

It’s 2017 and one thing’s for sure: Businesses are growing internationally. Franchises are opening more and more locations overseas. Companies that sell online are extending their reach into new and often emerging markets.

While profitable for many, these types of expansions can be complicated, particularly when it comes to payment processing. Each region has its own unique payments landscape which must be considered prior to market entry.

We’ll get into specific scenarios, such as online retailers, a little later, but for now, let’s consider those factors that affect all merchants wishing to sell to international customers.

Platform Payment Integration

Whether your sales are initiated via a traditional ecommerce platform, your own website, or a third-party POS platform, the platform itself will need to be integrated with a payment processor that is registered to accept and process payments in the countries where you wish to expand.

CSIPay Global Reach infographicOne challenge many companies encounter: very few payment gateways can facilitate payments in every country where they wish to expand their business. Without this ability, businesses wishing to acquire customers globally will face increased cost and reduced speed to market related to integration of their platform with several unique payment channels.

This challenge was the inspiration that drove Constellation Payments to design a gateway where merchants connect to multiple processors while simultaneously benefitting from one provider for the bulk of their international transactions.

The Constellation Payments gateway can facilitate transactions in North America, Central America, United Kingdom, European Union, Australia, New Zealand, and multiple countries in the Asia Pacific region. Businesses wishing to accept payments from customers all over the globe should examine their current gateway’s capabilities to be sure it will match their expansion goals.

Research and Adapt

Not all markets function the same. For example, in Europe, consumer use of direct debit payment methods both for one-time and recurring transactions is far more prevalent than it is in North America or Asia. Companies that don’t understand this nuance will exclude themselves from a significant portion of the market. While you don’t have to offer every payment method under the sun, it is advisable to choose a platform/gateway combination that will offer the payment methods your target customer is most likely to use. When entering new markets, businesses are encouraged to discover what those methods are and evaluate their payment gateway and/or processor accordingly.

Another best practice is to present yourself and your company in the best possible light to foreign customers. Imagine tracking down a retail item you want to purchase only to discover that the site where you will purchase item is in a language completely foreign to you and in a currency different than your own. You can’t read the site, and you’ll likely have to leave the site and find an online currency conversion tool to verify that the price you are paying is acceptable.

Many customers facing this dilemma would simply leave the site without putting anything in their carts at all. Those that do proceed to checkout are likely to leave the site without completing their purchase due to the foreign currency issue.

In fact, 13% of all cart abandonment in 2016 was due to prices being presented in a foreign currency.

This is something we addressed at Constellation Payments early on. Our merchants can accept payments in the local currency of their customers no matter where they are, but still have the funds settled into their merchant accounts in their own native currency. This is all accomplished through something called Dynamic Currency Conversion (DCC).

Not all gateway and merchant services providers can provide this service though. It is highly recommended that companies going international verify whether DCC is available on their current platform and/or gateway configuration.

All this said, having localized versions of your website that acknowledge the language, customs, and currency of your target customer is highly advised when expanding internationally.

Clear Communication

In addition to the language and currency issues described above, it is also important that international customers purchasing physical goods understand any additional costs associated with purchasing from an overseas vendor.

When done right this is not a barrier to the sale at all. In fact, it is quite the opposite and somewhat expected. Clearly stating shipping costs, and making it easy to track items during the journey overseas, is critical. If there are duties or taxes that will be levied on foreign shipments, businesses will need to decide whether to absorb those costs or pass them on to the customer. If passing them to the customer, it should be crystal clear prior to finalizing the purchase.

B2B Challenges

There are some international challenges that are unique to the B2B world. For example, a company selling point of sale software will need to consider which foreign processors their merchants will be comfortable using and how their software users will obtain merchant accounts locally.

If a company in Mexico purchases the POS platform, not only will they want the POS platform to communicate in their native language, but when they have questions about things like deposits or chargebacks, they’ll want to speak with a payments professional that can speak their native language.

To address this for our own merchants, Constellation Payments has made strategic partnerships with carefully chosen local providers of merchant services, so that software companies connected to our gateway can refer their users to a local provider of payment processing that has been approved to process through our gateway and who understands local customs and banking regulations. These representatives can assist new merchants in applying for, using, and inquiring about their merchant accounts all in their native tongue.

Data Security

Another key issue when conducting transactions with foreign customers over the Internet is data security. Don’t let your company join the ranks of those with highly-publicized data breaches that have cost them billions in damages and lost credibility in the marketplace.

Constellation Payments is PCI-DSS Level 1 compliant, which is the highest level of certification available from the major card brands. Constellation also employs data encryption and credit card tokenization. Tokenization is the encoding of cardholder data such that it cannot be decoded without a key available only to the processor, and cannot be decoded or reused if intercepted by a third party.

Final Thoughts

Whether you are already offering your products or services internationally, or considering doing so, the team at Constellation Payments would be happy to review your processing needs and advise you as to your best options regarding payment processing.

Share this article:


How to Read a Monthly Credit Card Processing Statement

How to Read a Monthly Credit Card Processing Statement photo

In the payments industry, it’s common practice to analyze credit card processing statements to help merchants understand what they’re paying — and where they could possibly save.

But, reading monthly credit card processing statements isn’t as clear-cut as one would hope. Fortunately though, once you have some basics down, the review process becomes much less daunting.

Here are a few pointers to help you quickly review a monthly credit card processing statement:

Step #1: Identify the Pricing Method

The first step is to determine how the account has been set up. What pricing model is being used?

The most common pricing methods are: Tiered, Interchange Plus (also referred to as Pass Through or Cost Plus), and Flat Rate.

  • Tiered Pricing, sometimes referred to as bundled or bucket pricing, describes a pricing model where the processor essentially divides the 400+ permutations of risk factors, into three groups, sometimes called buckets. Most commonly, tiered pricing is offered in a three-tier system: Qualified, Mid- or Partially-Qualified, and Non-Qualified. For more on tiered pricing, see the article: Understanding Credit Card Processing Charges.
  • Interchange Plus Pricing, also known as Pass Through or Cost Plus, is a method where the processor will apply the interchange cost (or what you can think of as wholesale pricing), and add a fixed mark-up fee to facilitate the transaction. Although this is the most transparent pricing program, it can be a bit confusing since there are hundreds of interchange categories and rates that could be applied in each billing cycle.
  • Flat Rate Pricing is where a single rate and/or per transaction fee is applied to all transactional activity. Most frequently, the transactional activity is separated into two categories: Card Present (Swiped/Dipped) and Card Not Present (Key Entered). A Flat Rate and/or per transaction fee is established for each Card Present and Card Not Present activity. This fee structure is typically most attractive to merchants with very low volume and transactional activity each month, as it’s the easiest to understand.

Another tip for identifying the pricing method: know the merchant business type. Certain pricing methods pair up with specific types of businesses or size of businesses.

For example, small business merchants are likely set-up on a Tiered Pricing method, whereas a large volume merchant is more commonly placed on Interchange Plus. Micro merchants — merchants with very low volume — are more attracted to a Flat Rate model.

Step #2: Determine Current Rates   

The Discount Rate is the rate charged to a merchant by the bank or processor for providing debit and credit card processing services. The rate is applied as a percentage and/or per item fee, and is calculated for settled transactions/volume. The rate will vary widely based on the pricing method.

Step #3: Review Authorization Fees

Authorization Fees are charged whenever the point-of-sale device or software system communicates with the processing network. This is most commonly used when the system is attempting to authorize a sale transaction on the cardholder’s account.

Authorization Fees are often mistaken for the per item fee, which is the fee assessed in the discount charges for settled transactions. The Authorization Fee can also widely vary, based on the card type (VISA, MasterCard, Discover, American Express), and if the authorization attempt is being conducted electronically or by phone/voice.

Step #4: Review Other Fees

Other Fees come in many forms. Most frequently are the monthly fees and annual fees.

Examples of Other Fees are: Monthly Service Fee, PCI Fee, Statement Fee, Equipment Rental or Lease Fee, Maintenance Fee, Reporting or Online Access Fee, Annual Fee, Regulatory Fee.

Step #5: Assess the Effective Rate

The Effective Rate is the overall percentage rate the merchant is charged, taking all fees (discount, authorization, other fees, etc.) into consideration. To calculate the Effective Rate, take the total fees paid and divide by the total volume.

A couple other factors to consider when calculating the Effective Rate:

  • Are all card types funded by the processor? For example, American Express may be funded separately, by American Express. If this is the case, you’ll want to exclude American Express volume from the Effective Rate calculation.
  • Are there any one-time or miscellaneous fees on the statement? If there are any one-time or miscellaneous fees, you may want to exclude these from the fee amount you use to calculate the Effective Rate. Doing this will help you to understand what is a typical Effective Rate.

Getting the Most Cost-Effective Rates and Fees

Yes, reviewing a credit card processing statement can seem intimidating, but it’s worth familiarizing yourself with the basics so that you understand the numbers and can make informed decisions about your business’ finances.

As a merchant services provider, Constellation Payments works with thousands of small to medium-sized businesses to make sure they are receiving the most cost-effective rates and fees.

If you’re unsure you’re receiving the best rates possible — or have specific questions about your credit card processing statement — contact us. We’ll gladly review your most recent statement with you so that you fully understand what you’re currently paying and where you could save.

Jennifer Sumii is Manager of Partner Relations for Constellation Payments. Within her role, she oversees critical company partnerships, including partners with custom integrations, large core processing accounts, and processor or origination companies. Her background includes extensive processing and banking experience, specifically FI/ISO/ICA relationship management, corporate and commercial banking relationship management, national account management, and new ISO/MSP implementation and training. You can reach Jennifer at

Image courtesy of

Share this article:


Cybersecurity Operations: Is Your Business Complying with These PCI-DSS Requirements?

Cybersecurity Operations: Is Your Business Complying with These PCI-DSS Requirements? photo

Did you know that the Payment Card Industry Data Security Standard (PCI-DSS) requires that specific cybersecurity operations procedures be conducted on a periodic basis?

Depending on whether you’re a merchant or a service provider — and the nature of how you deal with credit cards — these mandatory procedures may include (but are not limited to):


  • Security log reviews


  • Patching of software and system components


  • Internal and external vulnerability scans


  • Firewall rule reviews


Many of the operations processes required by the PCI-DSS are not only required to be executed according to the specified period, but also when a change to the environment compels an update, such as a penetration test of a new application or vulnerability scan of a new technology environment.

Take Note! Maintaining Records is a Must

The challenge from a compliance perspective is that these procedures must not only be executed, but records must be maintained because you will need to be able to demonstrate that these procedures have taken place if audited or the subject of a breach investigation.

The PCI-DSS requires that these operations processes be executed according to documented procedures, and that the records demonstrate that these procedures were followed. Moreover, if an annual PCI-DSS assessment discovers that the execution of a periodic operations process was missed at some point over the last 12 months, that is potential grounds for your organization being deemed non-compliant.

Prepare to Succeed

For every minute spent organizing, an hour is earned.” ~ Benjamin Franklin

It is simply not feasible to meet these PCI-DSS requirements without a formal cybersecurity operations program. Your organization needs to develop a plan for this program.

Step 1: List the periodic cybersecurity operations tasks required, with the required frequency.

Step 2: Document the procedures for the execution of each task.

Step 3: Assign personnel to execute the procedures and document the results.

Step 4: Assign one or more different personnel to review the records to make sure the procedures are being done.

As you go through this exercise, you’ll likely discover that you aren’t sure how to interpret a particular operations requirement, or that you don’t have sufficient personnel to execute the procedures according to the prescribed frequency.

If that is the case, you may need to contract outside assistance to work with you to develop some of the procedures, or to handle some of the operations tasks. Maybe you’ll need to hire more personnel or reassign existing personnel away from lower priorities.

You won’t know until you develop the plan. And you won’t achieve PCI-DSS compliance without a formal cybersecurity operations program.

Dominic Genzano is the CEO and Founder of STIGroup, an Information Security Consulting firm that provides a full suite of Information Security services. In his role, Dominic leads the continued development of the CyberSecurity services strategy. As an established cybersecurity industry expert, and a principal consultant of STIGroup, he has led significant security initiatives for major private corporations and public sector entities. Dominic can be reached at

Share this article: