Merchant services

Payment Processing Security: The Role of the ISO

payment processing security the role of the isoIndependent Sales Organizations (ISOs) have a very important role when it comes to dealing with payment processing security. As we have discussed many times, it is absolutely imperative that as a merchant, you take your time in choosing the proper payment processing partner. Not only for cost effective solutions, EMV certified and PCI-compliant hardware, but also for the knowledge that your payment processor should be providing you regarding security best practices.

Starting a business? Download "The merchant services survival handbook" to  learn how to process payments.

There are many solutions that are available to you as a merchant in order to accept credit cards for your business. And each solution provides different challenges in protected your payment processing hardware and your customer’s credit card data.

The code of conduct is one of the first pieces of information that, as a merchant, you should be familiar with. This includes best practices for accepting credit card payments, how to ensure security within the industry, and what your rights are as a merchant. It also includes detailed explanations of how merchant contracts are required to be set-up, cancellation protocol and much more. For any information regarding the code of conduct, request a copy from your payment processing provider, and if you feel like you are not getting the service level that you require, it may be best for you to take the time and look for a new provider that will suit your business needs.

All Merchants

Communication is the first step in becoming aware. Your payment processing provider is a tool that not only allows you to accept credit cards at your place of business, but should be used as an information hub for all your questions and concerns regarding security. Typically, your provider should have thorough information accessible through their website, and worst case scenario, will provide what you need if you simply send an email to your account manager, or helpdesk.

Promoting safe and secure credit card transactions at your place of business, and understanding what your responsibilities are as a merchant will ensure that your customer’s credit card information is safe, and your business does not incur costly chargebacks or credit card fraud.


For card present merchants, ensure that you have a regimented schedule with your staff to constantly check your payment processing equipment. This means daily checking of all equipment for any type of tampering, changes in location, unusual activity by a customer around the payment processing equipment, or installing video surveillance that can be monitored from a smart phone or computer remotely.

By taking pre-emptive measures to protect your customers and your business, you will greatly reduce potential problems with fraud and equipment tampering.

EMV certified and PCI-Compliant

As discussed briefly above, it is very important that your payment processing equipment be EMV certified and PCI-compliant. Using a swipe machine, rather than a chip and pin insert can leave you at risk for chargebacks and card fraud because that extra level of security, in the pin code, is not present. Also, whether or not you have chip and pin currently, be proactive with checking the name of the cardholder, request a second piece of identification if necessary, and always follow your instincts.

If you feel like something does not seem right, or the situation feels forced or rushed, take the time to ask the right questions. It is your right and responsibility to protect your business by those individuals who may be trying to commit fraud. There is no rule that a check out, or transactions has to be instantaneous. Slow down the process and take the right steps for being secure.


This incorporates e-Commerce solutions and over the phone transactions. Card-not-present simply means that the cardholder is not at the point-of-sale with their card physically inserting or swiping to complete the transactions. All online purchases are done through a website, and over the phone transactions are punched in manually at the point-of-sale. For your website, be overly secure.

If that means, adding extra fields at check out, requesting personal information that pertains to the card holder, or putting a limit on the amount of orders one card can make in a day, those will all help reduce your risk of fraud. Over the phone transactions are a bit more difficult to ensure security, but still comes down to asking the right questions.

All of the information required for providing a secure transaction experience for your customers through proper payment processing practices should be provided by your payment processing partner. Use their expertise for any questions that you need answering, and if they simply aren't up to pay, move on. You should never feel like your needs are not being taken care of. Make the right decision, for your business and your customers.


Text Size

Justin Proctor

As director of sales, I run the day-to-day sales department at BNA Smart Payment. I’m responsible for recruiting, training, coaching, and retaining top sales reps and leading a customer-first sales team. I lead an awesome team of revenue-generating machines (aka salespeople) on the front lines of the sales process, move the pipeline forward, build inbound sales playbooks, and implement processes to drive revenue.

Find Justin Proctor on:

Subscribe to our blog