Tricks and Traps of Business Credit Cards

Just when small-business owners thought big banks didn’t want to deal with them, the banks are surprising them with zero-rate credit card promotions and enticing reward programs. Last month, I received 11 colorful offers from six different credit card issuers. It all seems too good to be true.

So, are these offers really a good deal for business owners? Unfortunately, not so much.

Small-business credit cards — or so-called “professional” credit cards — are exempt from the new regulatory protections of the Credit Card Accountability, Responsibility and Disclosure Act. This means that a credit card offered to Susan Schreter in the “name” of my company doesn’t have to abide by the regulations that now govern credit cards offered to me personally. And that’s how seemingly attractive credit card offers can turn out to be well-disguised gotchas! Here’s what you should bear in mind:



- Compare credit costs and risks. Unlike issuers of personal credit cards, business card issuers can impose retroactive rate increases “any time and for any reason,” including being late on another vendor’s bill. Issuers can also hit business owners with late fees associated with weekend payments or due dates that fall in the middle of the day. Unlike personal credit cards, business credit cards are not obligated to apply payments to outstanding balances with the highest interest rates.

- The IRS doesn’t care. A number of business credit card solicitations I’ve received imply that for IRS document-support purposes, it’s better to charge business expenses to a company-named small-business credit card than a personal credit card. Not so.

All the IRS cares about is the nature of the expense and proper recordkeeping. If you charge a personal expense to a business credit card, the IRS will still disallow the expense as a business deduction. On the other hand, owners can charge legitimate business expenses to a personal credit card that is set aside for business purposes and still qualify for an IRS business deduction.

- You’re always liable. Almost all the promotions I’ve received emphasize the ease of giving employees their own business cards. They say it helps staff members look “professional” and provides added convenience for tracking employee expenses.

But here’s what the promotions don’t highlight: The signer of the business card application personally accepts all responsibility for bill payment, even when employees make unauthorized purchases to a business card. This is true even if the business is organized as a corporation or limited liability company. Some cards will notify owners if employees exceed their spending limits, but that’s it. Once a charge is incurred, the business owner owns the liability.

The safest approach, especially for smaller companies that can’t afford costly surprises, is to promptly reimburse employees for documented business expenses. It’s funny how employees adhere to company-approved travel policies when expenditures first hit their own credit cards!

- Always know the score. Securing a business credit card can be advantageous to business owners who want to establish a credit history in their company’s name with Dun and Bradstreet, or “D&B.” If this is the primary purpose for taking on the added financial risks of a business credit card, make sure your issuer reports activity to D&B. Chase, for example, will forward information on credit cards to D&B. Others won’t.

Business credit card activity can also impact a business owner’s personal credit profile. Since business credit cards are personally guaranteed by the owner, it’s reasonable for business card issuers to forward account activity to personal credit scoring services. Again, some business cards do; others don’t.

- It’s not about the rewards. Most business credit card solicitations emphasize all the rewards associated with their cards — no blackout dates for travel, extra points or cash back on certain types of expenses, etc. But just because a promotion touts a great rate, it doesn’t mean you will ultimately qualify for the issuer’s lowest rate or the desired spending limit. When you read the fine print, you’ll also find that most cash-back offers are limited to a few expense categories or max out at a certain expenditure level.

Right now, Bank of America is extending some of the federally mandated personal credit card protections to its professional credit cards. I hope other credit card issuers follow Bank of America’s lead.

But until Congress votes to close banking loopholes that work against Main Street business owners, the prudent course of action is to be cautious and read the fine print. Favor predictable interest rate credit relationships that don’t just look good, but are also good for your company’s financial health.

Susan Schreter is a 20-year veteran of the venture finance community and a university educator in entrepreneurship. She is the founder of TakeCommand, a community service organization that offers the largest centralized database of startup and small-business funding sources in the U.S.

Security problems and solutions

Credit card security relies on the physical security of the plastic card as well as the privacy of the credit card number. Therefore, whenever a person other than the card owner has access to the card or its number, security is potentially compromised. Once, merchants would often accept credit card numbers without additional verification for mail order purchases. It's now common practice to only ship to confirmed addresses as a security measure to minimise fraudulent purchases. Some merchants will accept a credit card number for in-store purchases, whereupon access to the number allows easy fraud, but many require the card itself to be present, and require a signature. A lost or stolen card can be cancelled, and if this is done quickly, will greatly limit the fraud that can take place in this way. For internet purchases, there is sometimes the same level of security as for mail order (number only) hence requiring only that the fraudster take care about collecting the goods, but often there are additional measures.[citation needed] European banks can require a cardholder's security PIN be entered for in-person purchases with the card.

The PCI DSS is the security standard issued by The PCI SSC (Payment Card Industry Security Standards Council). This data security standard is used by acquiring banks to impose cardholder data security measures upon their merchants.
A smart card, combining credit card and debit card properties. The 3 by 5 mm security chip embedded in the card is shown enlarged in the inset. The contact pads on the card enable electronic access to the chip.

The low security of the credit card system presents countless opportunities for fraud.[according to whom?] This opportunity has created a huge[specify] black market in stolen credit card numbers, which are generally used quickly before the cards are reported stolen.[citation needed]

The goal of the credit card companies is not to eliminate fraud, but to "reduce it to manageable levels".[15] This implies that high-cost low-return fraud prevention measures will not be used if their cost exceeds the potential gains from fraud reduction - as would be expected from organisations whose goal is profit maximisation.

Internet fraud may be by claiming a chargeback which is not justified ("friendly fraud"), or carried out by the use of credit card information which can be stolen in many ways, the simplest being copying information from retailers, either online or offline. Despite efforts to improve security for remote purchases using credit cards, security breaches are usually the result of poor practice by merchants. For example, a website that safely uses SSL to encrypt card data from a client may then email the data, unencrypted, from the webserver to the merchant; or the merchant may store unencrypted details in a way that allows them to be accessed over the Internet or by a rogue employee; unencrypted card details are always a security risk. Even encryption data may be cracked.

Controlled Payment Numbers which are used by various banks such as Citibank (Virtual Account Numbers), Discover (Secure Online Account Numbers, Bank of America (Shop Safe), 5 banks using eCarte Bleue and CMB's Virtualis in France, and Swedbank of Sweden's eKort product are another option for protecting against credit card fraud. These are generally one-time use numbers that front one's actual account (debit/credit) number, and are generated as one shops on-line. They can be valid for a relatively short time, for the actual amount of the purchase, or for a price limit set by the user. Their use can be limited to one merchant. If the number given to the merchant is compromised, it will be rejected if an attempt is made to use it again.

A similar system of controls can be used on physical cards. For example if a consumer has a Chip and PIN (EMV) enabled card the card can be limited so that it be used only at point of sale locations (i.e. restricted from being used on-line)[citation needed] and only in a given territory (i.e. only for use in Canada). This technology provides the option for banks to support many other controls too that can be turned on and off and varied by the credit card owner in real time as circumstances change (i.e., they can change temporal, numerical, geographical and many other parameters on their primary and subsidiary cards). Apart from the obvious benefits of such controls: from a security perspective this means that a customer can have a Chip and PIN card secured for the real world, and limited for use in the home country. In this eventuality a thief stealing the details will be prevented from using these overseas in non chip and pin (EMV) countries. Similarly the real card can be restricted from use on-line so that stolen details will be declined if this tried. Then when card users shop online they can use virtual account numbers. In both circumstances an alert system can be built in notifying a user that a fraudulent attempt has been made which breaches their parameters, and can provide data on this in real time. This is the optimal method of security for credit cards, as it provides very high levels of security, control and awareness in the real and virtual world. Furthermore it requires no changes for merchants at all and is attractive to users, merchants and banks, as it not only detects fraud but prevents it.[citation needed]

Additionally, there are security features present on the physical card itself in order to prevent counterfeiting. For example, most modern credit cards have a watermark that will fluoresce under ultraviolet light. A Visa card has a letter V superimposed over the regular Visa logo and a Mastercard has the letters MC across the front of the card. Older Visa cards have a bald eagle or dove across the front. In the aforementioned cases, the security features are only visible under ultraviolet light and are invisible in normal light. Similar security features are present in paper currency and certain ID cards in the United States, as well.[citation needed]

The Federal Bureau of Investigation and U.S. Postal Inspection Service are responsible for prosecuting criminals who engage in credit card fraud in the United States, but they do not have the resources to pursue all criminals. In general, federal officials only prosecute cases exceeding US$5,000. Three improvements to card security have been introduced to the more common credit card networks but none has proven to help reduce credit card fraud so far. First, the on-line verification system used by merchants is being enhanced to require a 4 digit Personal Identification Number (PIN) known only to the card holder. Second, the cards themselves are being replaced with similar-looking tamper-resistant smart cards which are intended to make forgery more difficult. The majority of smart card (IC card) based credit cards comply with the EMV (Europay MasterCard Visa) standard. Third, an additional 3 or 4 digit Card Security Code (CSC) is now present on the back of most cards, for use in card not present transactions. Stakeholders at all levels in electronic payment have recognized the need to develop consistent global standards for security that account for and integrate both current and emerging security technologies. They have begun to address these needs through organizations such as PCI DSS and the Secure POS Vendor Alliance.[16]

How credit cards work

Credit cards are issued by a credit card issuer, such as a bank or credit union, after an account has been approved by the credit provider, after which cardholders can use it to make purchases at merchants accepting that card. Merchants often advertise which cards they accept by displaying acceptance marks – generally derived from logos – or may communicate this orally, as in "Credit cards are fine" (implicitly meaning "major brands"), "We take (brands X, Y, and Z)", or "We don't take credit cards".

When a purchase is made, the credit card user agrees to pay the card issuer. The cardholder indicates consent to pay by signing a receipt with a record of the card details and indicating the amount to be paid or by entering a personal identification number (PIN). Also, many merchants now accept verbal authorizations via telephone and electronic authorization using the Internet, known as a card not present transaction (CNP).

Electronic verification systems allow merchants to verify in a few seconds that the card is valid and the credit card customer has sufficient credit to cover the purchase, allowing the verification to happen at time of purchase. The verification is performed using a credit card payment terminal or point-of-sale (POS) system with a communications link to the merchant's acquiring bank. Data from the card is obtained from a magnetic stripe or chip on the card; the latter system is called Chip and PIN in the United Kingdom and Ireland, and is implemented as an EMV card.

For card not present transactions where the card is not shown (e.g., e-commerce, mail order, and telephone sales), merchants additionally verify that the customer is in physical possession of the card and is the authorized user by asking for additional information such as the security code printed on the back of the card, date of expiry, and billing address.

Each month, the credit card user is sent a statement indicating the purchases undertaken with the card, any outstanding fees, and the total amount owed. After receiving the statement, the cardholder may dispute any charges that he or she thinks are incorrect (see 15 U.S.C. § 1643, which limits cardholder liability for unauthorized use of a credit card to $50, and the Fair Credit Billing Act for details of the US regulations). Otherwise, the cardholder must pay a defined minimum proportion of the bill by a due date, or may choose to pay a higher amount up to the entire amount owed. The credit issuer charges interest on the amount owed if the balance is not paid in full (typically at a much higher rate than most other forms of debt). In addition, if the credit card user fails to make at least the minimum payment by the due date, the issuer may impose a "late fee" and/or other penalties on the user. To help mitigate this, some financial institutions can arrange for automatic payments to be deducted from the user's bank accounts, thus avoiding such penalties altogether as long as the cardholder has sufficient funds.

creditcard History

The concept of using a card for purchases was described in 1887 by Edward Bellamy in his utopian novel Looking Backward. Bellamy used the term credit card eleven times in this novel.[2]

The modern credit card was the successor of a variety of merchant credit schemes. It was first used in the 1920s, in the United States, specifically to sell fuel to a growing number of automobile owners. In 1938 several companies started to accept each other's cards. Western Union had begun issuing charge cards to its frequent customers in 1921. Some charge cards were printed on paper card stock, but were easily counterfeited.

The Charga-Plate was an early predecessor to the credit card and used in the U.S. from the 1930s to the late 1950s. It was a 2½" × 1¼" rectangle of sheet metal, similar to a military dog tag, and embossed with the customer's name, city and state. It held a small paper card for a signature. In recording a purchase, the plate was laid into a recess in the imprinter, with a paper "charge slip" positioned on top of it. The record of the transaction included an impression of the embossed information, made by the imprinter pressing an inked ribbon against the charge slip.[3] Charga-Plate was a trademark of Farrington Manufacturing Co. Charga-Plates were issued by large-scale merchants to their regular customers, much like department store credit cards of today. In some cases, the plates were kept in the issuing store rather than held by customers. When an authorized user made a purchase, a clerk retrieved the plate from the store's files and then processed the purchase. Charga-Plates speeded back-office bookkeeping that was done manually in paper ledgers in each store, before computers.

The concept of customers paying different merchants using the same card was implemented in 1950 by Ralph Schneider and Frank McNamara, founders of Diners Club, to consolidate multiple cards. The Diners Club, which was created partially through a merger with Dine and Sign, produced the first "general purpose" charge card, and required the entire bill to be paid with each statement. That was followed by Carte Blanche and in 1958 by American Express which created a worldwide credit card network (although these were initially charge cards that acquired credit card features after BankAmericard demonstrated the feasibility of the concept).

However, until 1958, no one had been able to create a working revolving credit financial instrument issued by a third-party bank that was generally accepted by a large number of merchants (as opposed to merchant-issued revolving cards accepted by only a few merchants). A dozen experiments by small American banks had been attempted (and had failed). In September 1958, Bank of America launched the BankAmericard in Fresno, California. BankAmericard became the first successful recognizably modern credit card (although it underwent a troubled gestation during which its creator resigned), and with its overseas affiliates, eventually evolved into the Visa system. In 1966, the ancestor of MasterCard was born when a group of California banks established Master Charge to compete with BankAmericard; it received a significant boost when Citibank merged its proprietary Everything Card (launched in 1967) into Master Charge in 1969.

Early credit cards in the U.S., of which BankAmericard was the most prominent example, were mass produced and mass mailed to bank customers who were thought to be good credit risks; that is, they were unsolicited. These mass mailings were known as "drops" in banking terminology, and were outlawed in 1970 due to the financial chaos that they caused, but not before 100 million credit cards had been dropped into the U.S. population. After 1970, only credit card applications could be sent unsolicited in mass mailings.

The fractured nature of the U.S. banking system under the Glass–Steagall Act meant that credit cards became an effective way for those who were traveling around the country to move their credit to places where they could not directly use their banking facilities. In 1966 Barclaycard in the UK launched the first credit card outside of the U.S.

There are now countless variations on the basic concept of revolving credit for individuals (as issued by banks and honored by a network of financial institutions), including organization-branded credit cards, corporate-user credit cards, store cards and so on.

Although credit cards reached very high adoption levels in the US, Canada and the UK in the mid twentieth century, many cultures were more cash-oriented, or developed alternative forms of cash-less payments, such as Carte bleue or the Eurocard (Germany, France, Switzerland, and others). In these places, adoption of credit cards was initially much slower. It took until the 1990s to reach anything like the percentage market-penetration levels achieved in the US, Canada, or UK. In some countries, acceptance still remains poor as the use of a credit card system depends on the banking system being perceived as reliable. Japan remains a very cash oriented society, with credit card adoption being limited to only the largest of merchants, although an alternative system based on RFIDs inside cellphones has seen some acceptance. Because of strict regulations regarding banking system overdrafts, some countries, France in particular, were much faster to develop and adopt chip-based credit cards which are now seen as major anti-fraud credit devices. Debit cards and online banking are used more widely than credit cards in some countries.

The design of the credit card itself has become a major selling point in recent years. The value of the card to the issuer is often related to the customer's usage of the card, or to the customer's financial worth. This has led to the rise of Co-Brand and Affinity cards - where the card design is related to the "affinity" (a university or professional society, for example) leading to higher card usage. In most cases a percentage of the value of the card is returned to the affinity group.

creditcard

A credit card is a small plastic card issued to users as a system of payment. It allows its holder to buy goods and services based on the holder's promise to pay for these goods and services.[1] The issuer of the card creates a revolving account and grants a line of credit to the consumer (or the user) from which the user can borrow money for payment to a merchant or as a cash advance to the user.

A credit card is different from a charge card: a charge card requires the balance to be paid in full each month. In contrast, credit cards allow the consumers a continuing balance of debt, subject to interest being charged. A credit card also differs from a cash card, which can be used like currency by the owner of the card. Most credit cards are issued by banks or credit unions, and are the shape and size specified by the ISO/IEC 7810 standard as ID-1. This is defined as 85.60 × 53.98 mm (3.370 × 2.125 in) (33/8 × 21/8 in) in size.