AND
V
ENDOR
S
ELECTION
The purpose of this document is to assist University of California campuses and departments in selecting an internet payment gateway provider for internet commerce applications. The recommendations in this document are the result of a system-wide initiative undertaken by the Banking Services Group (BSG) during Fiscal year
2001/2002. They are based on services, pricing and agreements negotiated by BSG on behalf of the entire UC community. Although use of these vendors by any campus or department is not mandatory, use of these services and agreements are strongly
recommended. Due to the substantial benefits in pricing and negotiating power we were able to achieve with a system-wide relationship with these vendors, and considering that the agreements will already be in place, use of them should prove beneficial to all involved. Any services used by any UC organization falling outside of these system-wide arrangements, whether they exist prior to or subsequent to the establishment of these system-wide agreements, should be reported and justified to the Banking Services Group (see Contact Information below).
Background
BSG initiated the project to find a system-wide provider of Internet Payment Gateway (IPG) services in July 2001. All campuses were invited to participate in the following ways:
Submitting their requirements for an Internet Payment Gateway Attending meetings to discuss the project
Submitting comments on the Request for Proposal (RFP), the vendor list, and the evaluation process
Scoring the written proposals submitted
Scoring the presentations made by the Finalists
The RFP, issued November 1, 2001, incorporated consolidated requirements for all campuses that submitted them. Two different types of solutions were requested:
(1) Outsourced model, utilizing a hosted transaction gateway/ASP pricing model; (2) In-House model, assuming a software purchase run on our own servers
operate in an Outsourced mode, while gaining the benefits available with an In-House solution.
The RFP was sent to 17 vendors and was posted to a public website hosted by UCOP. 11 proposals were received, including four that were unsolicited. Eight campuses (including UCOP) submitted scores on the proposals. Each campus score had equal weight. Based on the scores submitted, using the cost per quality point method for evaluation (which UC is required to use for procurement of these services) three Finalists were named - two providing both In-House and Outsourced solutions and one providing just an Outsourced solution. The finalists gave business and technical presentations to a system-wide audience. Eight campuses submitted scores for the presentation phase.
Based on the combined scores from the written proposals and the presentations, as well as reference checks and further financial analysis made by BSG, the following vendors were awarded the Internet Payment Gateway UC System-wide business:
Outsourced Transaction Gateway In-House Software Purchase
Cybersource Cybersource
Authorize.net
Outsourced versus In-house Solutions
Because of the very diverse needs within the University of California system, we anticipate that there is no single solution that can meet each and every need that exists within the system. Campuses with very decentralized IT and financial management may find it impractical to purchase and support an in-house payment gateway. Campuses with the right infrastructure and organizational alignment may choose to make the up-front investment for an in-house solution, benefiting from the increased control of their data and processes. A third option is also possible, where UCOP hosts a payment gateway (i.e. a software installation) that can be accessed by other campuses or departments. This would allow the campuses to operate in an outsourced model, yet provide the benefits of an in-house solution (e.g. control over data, more flexible reporting, increased business flexibility).
Factor Outsource In-House Cost Lower start-up cost. Does not
generally require investment in hardware or software. Pay per transaction.
Requires up-front investment in hardware, software and
telecommunications. Generally becomes cost effective with high volume of transactions, however the breakeven point must be calculated based on specific project costs.
Deployment Timeframe
Typical implementation timeframe is measured in days
Typical implementation timeframe is 1 - 3 months Ongoing
Support
Minimal maintenance required in-house. Rely on vendor for support.
Requires ongoing maintenance and support in-house, along with vendor support via Software Maintenance Agreement. Reporting & Integration with Existing Systems
Reporting is limited to what is provided by the vendor. No direct access to transaction data.
Transaction data resides in-house. Maximum flexibility for reporting.
Limited availability of data fields that can be used for user-defined data. Vendors generally provide one or two, 50 – 55 character fields to store this type of data in their data base.
More flexibility to store user-defined fields.
Business Flexibility
Can direct transactions to different processors and merchant banks, since each merchant is set up
independently.
Connections to the processor(s) must be built, making it costly to support multiple processor relationships.
Settlement process and timing is dictated by vendor. Limited to one settlement per day. No ability to initiate settlement process manually.
Flexibility over settlement timing. Merchants can choose from five different settlement options (time, periodic, dollars, batch size, manual).
Bank debit transactions must go through vendor’s partner and bank relationships.
Bank debit transactions can utilize UC’s existing bank relationships.
Factor Outsource In-House Business
Flexibility (cont’d)
Cannot consolidate card-present transactions into data base, at least initially. When the
functionality becomes available, those transactions would be assessed a transaction fee.
Can consolidate card-present transactions into the data base without additional transaction cost.
Data
Security Credit card numbers and other sensitive data stored by vendor. Access determined by vendor’s security procedures.
Credit card numbers and other sensitive data stored on site. UC is responsible for securing the data and controlling access to it.
Vendor Summaries
While selecting two outsourcing vendors was not the initial intent of the process, offering both, we believe, is the best way to meet the very diverse needs of the UC system. The vendor proposals and presentations are posted on the password protected web site listed below. Contact BSG (see Contact information below) for access.
https://projectpoint.buzzsaw.com/client/ucopmaterielmanagement
Authorize.net Summary
Authorize.net is a wholly owned subsidiary of InfoSpace. They clearly won the UC business based on their extremely low price. Though they scored consistently lower in all Requirements categories, they ended up with the top score on a cost per quality point basis. While we do not recommend this vendor for enterprise-level applications, we feel that the value proposition they provide will meet many standalone or department-level needs within the UC system. Their average daily transaction volume is 133,300.
There are no start-up costs to use this service. Implementation is generally accomplished using documentation and FAQ’s available on Authorize.net’s web site, with
customer/technical support via telephone and e-mail. Transaction cost is $0.03 (total cost for authorization and settlement) along with a $10 per month charge per merchant. They do offer the ability to initiate bank debits as well as credit card payments, however until BSG has approved the bank relationships used in the process, that functionality cannot be utilized. The functionality of the system, reporting and technical infrastructure are basic, but do meet our minimum standards. Because the system has limited capability to view Merchant activity on a consolidated basis, and is not designed to offer hierarchical relationships (i.e. limited ability to view and control individual merchant activity at a campus-wide level), the best fit for this service would be simple, standalone, low-budget applications.
Authorize.net does not offer an in-house solution, so if migration to an in-house solution (either hosted on campus or by UCOP), is being considered, a factor to keep in mind is that starting with Authorize.net would require redesign of the system interface at the time of migration.
Cybersource Summary
Cybersource is viewed as an industry leader in risk management and electronic payment technology for electronic payment processing. Its infrastructure is designed to ensure reliability, scalability, availability, security, and fraud protection for very large merchants, counting many Fortune 1000 companies among their customers. Their customer service and general corporate organization are also designed to support these types of clients (as opposed to servicing “Mom and Pop”- type merchants). Their average daily transaction volume is 500,000-2,000,000.
Start-up cost for Transaction Services (outsourced mode) range from $100 - $746, depending on the hierarchical structure of the internet merchant accounts on the campus. Optional implementation support is offered, ranging in price from $3,371 - $7,496 with UC discounts applied. Without an implementation package, implementation support is offered via their Online Customer Support Center and e-mail. Transaction costs depend on UC’s overall consolidated volume, ranging from $0.085 - $0.136 (total cost for authorization and settlement). Transactions may be subject to a minimum monthly charge.
In addition to outsourced transaction gateway service, Cybersource also has an in-house software solution. They have a unified API which allows relatively easy migration from one mode to the other.
We recommend this vendor for any enterprise level application, if a merchant needs to utilize Cybersource’s robust offering of value-added services, or if a campus is planning to migrate from an outsourced to an in-house solution. While Cybersource offers the ability to initiate bank debits, until BSG has evaluated the bank relationships involved in the process that service cannot be utilized.
Authorize.net versus Cybersource Comparison
To assist in deciding between Outsourcing Vendors, we have prepared the following side by side comparison.
Category Authorize.Net Cybersource
General
Characteristics of Service and Vendor
Simple and basic provider for department-level applications. Product designed primarily for standalone merchants with limited need for roll-up of
transactions and information (i.e. system is not designed for hierarchical merchant
relationships). Only provides outsourced solution. Significant portion of merchant growth is through Reseller relationships.
Robust infrastructure and technology ensures full
scalability, reliability and service for complex, enterprise-level customers. Numerous value-added services add to product functionality and customer service options. Was also awarded in-house IPG business. Uses unified API which allows, from a merchant’s perspective, relatively easy migration from outsourced to in-house solution. Maintains strategic relationships with major credit card
associations and processors. Offers consulting services. Value-added
Services
For additional cost, can utilize third party services for fraud screening and customer authentication services. Other merchant-defined filters available.
For additional cost, can utilize services for risk/fraud detection, tax calculation, distribution control, fulfillment management, gift certificate/promotional services. Merchants can flag credit card numbers to block future transactions.
Consulting services available through their Solutions Group on a per hour basis. Quotes are based on service needed.
Consulting services available through their Professional Services Group. Quotes are based on service needed.
Category Authorize.Net Cybersource Relevant
Credit Card Processor Certification
First Data Corp – Nashville Vital
Note: Most current UC merchants operate on the FDC North Platform. Our internet merchant authorization
transactions would go through Nashville, with settlement transactions “bridged” to the North platform by FDC.
First Data Corp – Nashville First Data Corp – South Vital
Note: Most current UC merchants operate on the FDC North Platform. Our internet merchant authorization
transactions would go through Nashville, with settlement transactions “bridged” to the North platform by FDC. Start-up Cost $0 $100 - $746 per merchant,
depending on merchant account hierarchy in place at a campus. Optional implementation support packages available for $3.4K - $7.5K, depending on the package selected. 1 Transaction
Cost
$0.03 (total cost for
authorization and settlement) $10 per month per merchant No monthly minimum
$0.085 - $0.136 (total cost for authorization and settlement), depending on consolidated UC transaction volume.2
Monthly minimum fees may apply, depending on how merchant accounts are structured. 2
New Merchant Start-up Process
Once a campus gets set up, merchants can be added by a campus administrator on-line in a matter of minutes.
Once a campus is set-up, merchants can be added by sending request form to Cybersource, with set-up complete in 1 day
Batch Size Limitation
None None 1Descriptions of the Implementation Options are available from the Banking Services Group (contacts at
the end of this document) or your campus Credit Card Coordinator
2 Due to the confidentiality of pricing, pricing specifics can be obtained by from the Banking Services
Category Authorize.Net Cybersource Batch
Settlement Timing and Notification
Once per day, time can be specified by the merchant
Once per day, around midnight (after our current processor’s cut-off time)
E-mail notice sent upon batch settlement
No e-mail notification of settlement
Business Functionality
Ability to process card-present transactions due Q3/02 (only from PC-based terminals)
No plans for card-present consolidation disclosed Data Access On-line access for 24 rolling
months. Offline available for seven years.
On-line access for six rolling months. No offline availability. Two user-defined fields
available in data base, each 55 characters long. Other fields not stored in the data base can be sent with the transaction data and is re-associated with the transaction result returned back to the campus.
One user-defined field stored in data base, 50 characters.
Access to Credit Card Numbers
Full credit card numbers stored and retrievable in data base. Can be masked by user ID.
Full credit card numbers not retrievable from data base for security reasons
Reporting Only one hierarchy level available, reporting only summary information (using Reseller reporting tools). Detail level information is only
available at the merchant level, using merchant-specific log-in.
If Enterprise Support package is purchased, super-merchant sign-on is available, allowing those users the ability to view and consolidate transactions in subordinate merchant accounts. Transaction analysis tools available.3
No customizable reports. Data can be downloaded in tab-delimited format.
No customizable reports. Reports can be downloaded in XML or CSV formats.
3For a description of the Enterprise Support Package, contact the Banking Services Group (contacts at the
Category Authorize.Net Cybersource Reporting
(cont’d)
An unlimited amount of data can be sent to the gateway along with the transaction data that is used for the payment.
Authorize.net will keep this data temporarily and re-associate it with the authorization response, and return all the data back to the merchant. Gateway Interface Options HTTPS form post SSL socket C/C++ Perl Java COM objects System Reliability 99.2% availability in 2001 99.95% availability in 2001 System problems communicated
via merchant web-site in general; under certain circumstance e-mails are sent.
Significant system problems communicated via e-mail. With Enterprise Support, will also receive phone call. 3
System
Redundancy Details not disclosed Robust and well-documented infrastructure for data, connection, and server redundancy
Data Security Utilizes RSA 128 bit encryption Utilizes RSA 1024
private/public key encryption Disaster
Recover Plan
DRP will be presented to Board of Directors 5/02, with target implementation by year-end 2002.
Well designed DRP (could not be shared). Warm back-up site outside of CA planned for Q2/02.
Billing Billing statements available electronically, via e-mail, or on paper. Billed by merchant, or rolled up to a consolidated bill per campus.
Electronic and paper billing statements available. Can bill by merchant, campus, or system-wide.
Service Support
Telephone and e-mail support: 6:00am – 11pm PT, 7 X 365
Telephone and e-mail support: 7:00am – 7:00pm PT, M – F 24 X 7 Operations Support
available 24 X 7 Operations Support available
3For a description of the Enterprise Support Package, contact the Banking Services Group (contacts at the
Category Authorize.Net Cybersource Service
Support (cont’d)
One level of Service offered, but UC will have a Relationship Manager available for escalation of issues.
Basic Service includes telephone and e-mail support and access to Support Center.
Premium Service (Enterprise Support) includes assigned Technical Support Manager, priority response and escalation of issues, and administrative and analytical tools not otherwise available.3
Current customer satisfaction rating: 5.4 out of 6.0 scale Average call hold time: 2 – 5
minutes. Recent performance indicates hold times of under 2 minutes.
80% of calls answered within 10 seconds.
Telephone Support: Basic: 4-hour response commitment, handled out of general service pool.
Enterprise: Direct call to dedicated Technical Account Manager, 1-hour response guaranteed. 3
Call Abandon rate: 16% Call Abandon rate: 3%
24 hour turnaround for e-mails Basic: 4 hour turnaround for e-mails
Enterprise: 1 hour turnaround for e-mails 3
3
For a description of the Enterprise Support Package, contact the Banking Services Group (contacts at the end of this document) or your campus Credit Card Coordinator
Category Authorize.Net Cybersource Service
Support (cont’d)
Training documentation on their web site.
Training and implementation support available via online support center and e-mail. One day onsite training available for $3746.
Optional implementation packages available for $3371-7496. Includes orientation, planning assistance, technical support manager, and telephone support1
1Descriptions of the Implementation Options are available from the Banking Services Group (contacts at
the end of this document) or your campus Credit Card Coordinator
Service Initiation
Until further notice, new service under any of the Agreements discussed in this document should be coordinated through the Banking Services Group.
Contact Information
This document, and future updated versions of it, will be posted on the Office of the Treasurer website at www.ucop.edu/treasurer, under Banking Services. For questions or comments, or to report internet payment gateway relationships outside of these preferred providers, please contact the Banking Services Group:
Stephanie Dang, Senior Manager [email protected] 510-987-9652 Jerry Frantz, Assistant Director [email protected] 510-987-9637 Jeffrey Donahue, Senior Treasury Analyst [email protected] 510-987-9640
