SAMPLE: Online Transaction Processing

(1)

Market Data / Supplier Selection /

Event Presentations /

Best Practice

/

Template Files / Trends & Innovation



SAMPLE: Online

Transaction Processing

Best Practice Guide

Sample only, please download the full report from:

http://www.e-consultancy.com/publications/online-transaction-processing-guide

(2)

SAMPLE:

Online

Transaction

Processing

Econsultancy Lemon Studios 2nd Floor 85 Clerkenwell Road London EC1R 5AR www.econsultancy.com [email protected] Telephone:

reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording or any information storage and retrieval system, without prior permission in writing from the publisher. Copyright © Econsultancy.com Ltd 2008

(3)

Currencies... 8

4.1

Standard, Single Currency Stores ... 8

4.2

Multi-currency stores ... 8

5.

Risks ... 9

5.1

Risk to the Buyer ... 9

5.2

Risk to the Acquirer ... 9

5.3

Risk to the Merchant ... 10

6.

Fees ... 11

6.1

Acquiring Bank ... 11

6.2

PSP ... 11

7.

Negotiating a Merchant Discount Rate ... 12

7.1

Mitigating Merchant Fraud Risk ... 12

7.1.1 Choice of PSP - PCI DSS accreditation ... 12

7.1.2 Fraud Prevention Tools ... 12

7.1.3 CVC/CVVC/CV2... 13

7.1.4 Address Verification Standard (AVS)... 13

(4)

Online Transaction Processing Best Practice

Guide

8.

Benchmarking Summary ... 16

8.1

Key findings ... 16

8.2

Recommendations ... 18

8.3

Additional Methods of Payment ... 19

8.4

Conclusions ... 20

8.5

What the Experts Say ... 21

9.

Methodology and Respondent Profile ... 22

10.

Benchmarking Data ... 23

10.1

Fulfilment and Compliancy ... 23

10.2

Card Processing ... 24

10.3

Submission and Acquirers ... 25

10.4

Transactions ... 26

10.5

Charges ... 27

11.

Appendix: Graph Summary of Findings ... 29

11.1

Fulfilment cycle ... 29

11.2

Level of compliancy ... 30

11.3

Card processing ... 30

11.4

Method of submission and software used... 31

11.5

Acquirer ... 31

11.6

Number of transactions processed each year ... 31

11.7

Number of charge-backs received last year ... 32

(5)

1.

Introduction

This research is aimed at those involved in e-commerce who want to gain a better understanding of online transaction processing, and to benchmark what they are doing and the fees they paying. The aim of the guide is to provide information to online retailers about processing payments, which can ultimately help to save money, to make money and to avoid pitfalls associated with this complicated area.

The report is focused on online transaction processing in the UK market although some of the content is relevant for merchants in other countries.

Sections 2-7 contains a comprehensive overview of this topic which has been written by Gavin Breeze, an independent consultant, covering processing credit cards, currencies, risks, fees and negotiation of merchant discount rate.

The report also contains benchmarking data from a survey of 29 online retailers from a range of business sectors. These companies were asked about fulfilment, compliance, card

processing, acquiring banks, transactions and charges.

Acknowledgements

Econsultancy wishes to thank Gavin Breeze for his contribution and involvement with producing this report.

About the main author:

Gavin Breeze, who now works as an independent consultant, founded DataCash to provide outsourced payment services in 1997. The company floated on AIM in 2000 and now employs 250 staff in offices based in England, Scotland, Ireland, South Africa, Cyprus, North America and China.

Gavin has built relationships with all UK card acquiring banks and third party value-added service providers. His areas of expertise include credit and debit card, direct debit transaction processing solutions, fraud management solutions, 3DSecure, Chip & PIN, eTopUp and Dynamic Currency Conversion.

His contact details are:

Gavin Breeze Consulting Ltd Email: [email protected]

Telephone: +44 (0)7770 752 563

Sample only, please download the full report from:

(6)

SAMPLE: Online Transaction Processing Page 2

All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording or any information storage and retrieval system, without prior permission in writing from the publisher. Copyright © Econsultancy.com Ltd 2008

1.1

About Econsultancy

Econsultancy is the leading source of independent advice and insight on digital marketing and ecommerce.

Our reports, events, online resources and training programmes help a community of over 75,000 registered marketers make better decisions, build business cases, find the best suppliers, look smart in meetings and accelerate their careers.

Econsultancy is an award-winning online publisher of reports covering best practice, user

experience benchmarking, market data and supplier selection aimed at internet professionals that want practical advice on all aspects of ebusiness.

Econsultancy also operates a highly popular training division, used by some of the world’s most prominent brands for staff education, both in-house and via public courses. We provide training across all areas of digital marketing and at all levels from one day courses to diplomas to Masters in Digital Marketing.

In addition, we host more than 100 events a year, such as The Online Marketing Masterclass, regular Supplier Showcases and Roundtables, an annual Future of Digital Marketing event, Digital Cream and a range of social events.

The Econsultancy site now attracts 175,000 unique users per month where they access research, read the blog and take part in discussions in the forums. And as a portal to the digital marketing community, Econsultancy members can also link up with other members and digital suppliers through our directories, as well as find a new job or new digital talent using the job listings. Some of Econsultancy’s client-side members include: Google, Yahoo, MSN, MySpace, BBC, BT, Shell, Vodafone, Yell.com, Dell, Oxfam, Virgin Atlantic, TUI, Barclays, Carphone Warehouse, IPC Media, Deloitte and Touche, T-Mobile and Estée Lauder.

Join Econsultancy today to learn what’s happening in digital marketing – and what

works.

Call us to find out more on +44 (0)20 7681 4052 or contact us online.

Further Econsultancy Reading:

E-commerce Beginner’s Guide

http://www.e-consultancy.com/publications/e-commerce-beginners-guide/ Online Retail Checkout Special

http://www.e-consultancy.com/publications/online-retail-checkout-2007/ E-commerce Request for Proposal template

http://www.e-consultancy.com/publications/e-commerce-rfp-request-for-proposal/

E-commerce Platforms Buyer’s Guide

http://www.e-consultancy.com/publications/e-commerce-platforms-buyers-guide-2007/

Sample only, please download the full report from:

(7)

2.

Understanding the Online Transaction

Process

The Transaction Process

A. Card Authorisation:

1. Customer enters card details on Payment Page. 2. Payment page can either be hosted by:

i. The merchant (which, among other benefits, has the advantage of ensuring complete control of branding and the look and feel). ii. A hosted payment page, provided by the Payment Service Provider

(PSP).

3. PSP initiates an authorisation request to the merchant’s Card Acquiring bank. 4. Acquiring bank forwards authorisation request to Card Issuer and receives a

response.

5. Acquiring bank returns response to PSP, who then forwards it to the merchant.

B. Settlement

1. PSP will batch all successfully authorised transactions and send them to the acquirer as an end-of-day settlement file.

2. Acquirer will, depending on the terms agreed with merchant, settle funds into merchant’s designated bank account typically three days later (less any charge-backs).

Sample only, please download the full report from:

(8)

3.

Processing Credit Cards: Where to start,

who to contract

From the perspective of the online retailer or the “merchant”, the two key relationships required to take payment by cards over the internet are with an Acquiring Bank and a Payment Services Provider (PSP).1

3.1

Role of Acquiring Bank

A Card Acquirer is the division of a bank through which you, the merchant, are connected to the card schemes such as Visa, MasterCard and Amex. These card schemes themselves provide connection to the card issuers.

The card issuers, in turn, are the companies that have the relationships with the cardholders. Sometimes, because a bank can be both a card acquirer and a card issuer such as Barclays or NatWest, the card processing “map” can cause some confusion to new merchants.

For the avoidance of doubt, an acquirer has relationships with merchants; a card issuer has relationships with consumers. The bridges between them are the various card schemes.

An acquiring bank will give you a Merchant ID (MID) and set a price (a Merchant Discount Rate) to process the authorisations of the various card schemes as well as for paying (or “Settling”) the authorised transactions into your designated bank account.

It is important that you are aware that not all high street retail banks offer acquiring services. Furthermore, you do not need to bank with the same bank as your acquirer.

A list of the main acquiring banks active in the UK is given in Section 7.2.

3.2

Role of the Payment Services Provider (PSP)

A PSP (also sometimes called a Payment Gateway) is responsible for providing the means by which you connect your website to your chosen acquiring bank.

It converts the information on the card (name, number etc.) into the specific file formats required by your acquiring bank and then passes back to you the response to the authorisation message (most usually a yes or no). It batches all your successfully authorised transactions and sends them to the acquiring bank for settlement typically as a batch file once a day.

1_{It is possible to buy the equivalent of a PSP’s services as standalone software, which then needs to be deployed in your} own infrastructure. This option is not typically recommended as it requires a comparatively high upfront capital cost, significant technical resources to deploy and an extended level of in-house knowledge to maintain compliance with card scheme security standards. Moreover, almost all software solutions are very card-centric and are not capable of processing many of the alternative financial instruments becoming increasingly commonplace on the internet, such as PayPal.

(9)

3.2.1 Connecting to PSPs

PSPs provide two alternative methods of connecting your site to the acquiring bank:

A Hosted Payment page.

A hosted payment page is one hosted by the PSP, on their secure infrastructure.

 Pros

– Simple to integrate.

– Responsibility for security (i.e. SSL Certificates) and card scheme compliance (i.e. PCI DSS;

Section 7.1.1) is devolved to the PSP.

– Especially suitable for small merchants with limited processing volumes.

 Cons

– It is often, but not always, apparent to the consumer that they are leaving your site to go somewhere else to complete the payment stage.

– Usually requires accepting the PSP’s branding on the payment page.

– Only suitable for online transactions (i.e. if you have a call centre or high street presence, you will not be able to use this solution).

– Restricted functionality and control.

– Speed of transaction processing can be slower than using an API

– Limited integration into your own CRM and other back office systems.

An API

An API (Application Programming Interface) is a set of procedures or functions that an operating system provides in order to support and manage requests from computer programmes.

 Pros

– Unbranded as the payment page is your page hosted on your infrastructure.

– Highly flexible functionality.

– Speed – typically under 2 seconds from beginning to end of the process.

– Can be used across all your retail channels by integrating it to your call centre middleware and POS applications.

– PSPs offering API integration usually support a wider selection of payment types such as Direct Debit, PayPal, ELVs etc.

 Cons

– Integration requires a higher level of technical capability in-house than a hosted payment page.

– Requires deployment of SSL certificates on your servers.

– Merchant needs to think about PCI DSS compliance as you will be touching, however briefly, your buyers’ card details.

(10)

Sample only, please download the full report from:

3.3

Accepted Card Schemes

3.3.1 National

In the UK, the global card schemes of Visa, MasterCard, American Express and Diners are all easily recognised.

Each card scheme, both domestic and international, has its own rules governing how and where their cards are used. For example, some local domestic debit cards issued in mainland Europe can only be used in the offline, physical world.

Meanwhile, in the pure online world, some cards can only be processed if you are set up for 3D-Secure (Section 7.1.5). An example of this lies with what used to be Switch, which is now under the Maestro brand. Given that this represents a significant proportion of the typical UK merchant’s online transactional volume, it becomes a very important reason to make sure your PSP is capable of supporting 3D-Secure processing and that it is deployed on your site.

3.3.2 International

As a merchant, you will want to make it possible for as many people as possible, in as many places as possible, to buy from you.

3.3.3 Direct Debits

Although most UK acquirers and PSPs support all of the globally accepted credit and debit cards issued by Visa, MasterCard, Amex etc, one notable exception to this are Direct Debits.

Acquiring banks only deal with cards and if you need to accept Direct Debits you will need to talk to a different department within your bank, in order to apply for an Originator’s Identification Number (OIN).

Sample only, please download the full report from:

(11)

5.

Risks

The media often plays on the fears of the general public about the insecure nature of buying on the internet. The truth is that the honest consumer, using personal cards to buy online, is highly unlikely to be exposed to any risk.

5.1

Risk to the Buyer

Fraud risk to the buyer comes mainly from the loss or theft of their card details, not from merchant fraud, or from the inherent technical insecurity of the internet.

The consumer is protected, in the EU in particular, by strong consumer protection legislation that makes it easy and possible to defend yourself from fraudulent use of your card for up to six months after the transaction took place.

5.2

Risk to the Acquirer

It is worth outlining what risks there are to the acquiring bank, as some merchants fail to understand why their bank wants to charge them specific fees in relation to this.

The two biggest risks an acquirer takes on with a new merchant are merchant fraud and risk of insolvency.

5.3

Risk to the Merchant

Consumer Fraud

Whatever steps a merchant takes to prevent consumer fraud they are never entirely safe. This can vary across many levels, whether it be from a few one-off incidents, to organised, highly

professional direct attacks.

Financially, fraud will hit a merchant in many ways: from loss of revenue through charge-backs, through to loss of stock and possibly fines for exceeding charge-back levels agreed with an acquiring bank.

Excessive exposure to fraud can quickly drive a business into insolvency. It is highly

recommended that vendors look at putting in place all the various anti-fraud measures that they can, in order to combat this.

Loss of card data

If, for whatever reason, personal card data is stored on a merchant’s servers, they are exposing themselves to a greater risk on a number of levels.

(12)

6.

Fees

6.1

Acquiring Bank

Fees set by your acquiring bank are determined by their assessment of the risk factors described in the previous sections.

Credit card fees are set as a percentage of value, while debit card fees are set as a fixed fee per transaction. Credit fees can range from 1% for a very large merchant with a long track record, probably a high street presence, a sound business model, a well implemented risk management strategy and a high average transaction value. At the other end of the scale, a new merchant may well expect to pay 3.5% to 4%.

Meanwhile debit card fees can typically be between 5p to 30p per transaction, varying for the same reasons.

6.2

PSP

Fees from your PSP will depend very much on the range of services you are looking to buy from them. Because of the wide variation in fee structures it is well worth spending some time reviewing your options. They fall into two main models:

Sample only, please download the full report from:

(13)

7.

Negotiating a Merchant Discount Rate

With an Acquirer

For a new merchant this can be a bewildering and long-winded exercise that can often go on for months, sometimes ending in rejection or stringent terms.

Through a PSP

Increasingly, PSPs are able to help merchants with their application whatever the size of your business.

7.1

Mitigating Merchant Fraud Risk

It is an important part of your application to your acquiring bank to be able to demonstrate you understand the issues and have a plan to deal with risk.

(14)

8.

Benchmarking Summary

Econsultancy carried out a survey of 29 online retailers, in order to benchmark how merchants are managing their online transactions, which payment service providers they are using and how much they are paying.

These retailers cover a wide range of sectors, from fashion and computing through to luxury products and electronics.

Between them, the respondents have processed in excess of 16 million unique transactions within the last 12 months, within a total marketplace of approximately 310m online payments in the UK. Therefore, our data is representative of around 5% of the total UK market.

Econsultancy believes that our findings are indicative of the marketplace and the subject of this research report as a whole.

Sample only, please download the full report from:

8.1

Key findings

Transaction Processing Fees

 Transaction fees for both credit and debit cards vary noticeably. It is difficult to establish what is driving these differences, as there appear to be no fixed industry guidelines or trends.

 Credit card transaction fees are mostly charged on a percentage value of the transaction.

– Our respondents ranged from 0.85% (the lowest) to 3.0% (the highest) in percentage of transaction fee charges.

Use of Cards Software Security

Sample only, please download the full report from:

(15)

8.3

Additional Methods of Payment

Can merchants make more money through additional payment methods?

A number of retailers that we have spoken to at various Econsultancy conferences and

roundtables wanted to know how much incremental revenue could be gained by introducing additional payment methods.

This includes allowing the customer to convert offline through telephone or mobile payment, but also encompasses other online options such as Visa 3-V, the pre-pay, top-up credit card.

Sample only, please download the full report from:

(16)

9.

Methodology and Respondent Profile

Information about the benchmarking survey, including a spreadsheet for completion, was emailed to a selection of online retailers from the Econsultancy user base during Q3, 2008. The survey was completed by 29 companies. Econsultancy would like to thank those who took the time to participate in this research.

As well as the quantitative data gathered, we also gained insights from the comments sent with the submissions.

The survey covers various aspects relating to online transactions, including: Current charges on processing transactions.

The number of transactions processed by card type. The software used.

If you have any questions about this research, please contact Linus Gregoriadis at Econsultancy ([email protected])

The majority of respondents to this survey are e-commerce managers, directors and financial controllers. They work for retailers of various sizes that operate online and offline, or online only. Different sectors are represented, including fashion, lingerie, footwear, sportswear, jewellery, toiletries and skincare, office supplies, children's collectable items, luxury lifestyle, computer hardware and consumer electronics.

(17)

10.

Benchmarking Data

10.1

Fulfilment and Compliancy

Nature of business: What is the

fulfillment cycle?

What level of compliancy do you currently have?

CVV (3 digits on reverse of cards signature strip) AVS (address verification) VBV (3D-Secure, Verified by Visa, and MasterCard Secure Code) PCI DSS (Payment Card Industry Data Security Standard) Mail order -

women’s wear Same day Yes Yes Yes Mail Order - Footwear 5-7 days No No No No

Office supplies Next Business Day Yes Yes Partially Yes

Online retailer - Lingerie within 24 hrs No Yes No Yes

Jewellery Next Day Yes Yes Yes Yes

Mail Order/Retail- Clothing 48 hours processing, from order to delivery. No Yes No Yes

Retail Same day Yes Yes Yes

Cosmetics etailer Same day Yes Yes No In progress

Fashion Retail Immediate Yes Yes Yes ?

Fashion Retail Footwear Immediate Yes Yes Yes ?

eCommerce - Toiletries Same day Yes Yes No No

Online Retail - Clothes, shoes

accessories, skincare within 24 hours Yes Yes No

No

Online retailer Next day delivery Yes Yes No Yes

Mail order (Retail Fashion) 24 Working Hours Yes Yes In Progress In Progress

Mail order Same day Yes No No Yes

Mail Order/Retail- Clothing Within 48 Hrs Yes Yes No No

Mail Order - Children's Collectable Stickers and Cards and Mail Order merchandise under license

48 hrs Yes Yes No Yes

Luxury Lifestyle Retailer

Online + Offline showroom Same day Yes Yes No

Yes

Computer hardware 2 days Yes Yes Yes Yes

Online Retailer - Consumer

Electronics Same day Yes Yes No

No

Mail order -

sportswear 48 hours Yes Yes Yes

Yes

Sports mail order Same day Yes Yes No In Progress

(18)

n award-winning online publisher of reports

r training

e Econsultancy

r contact us online

http://www.e-consultancy.com/publications/e-commerce-beginners-guide/

http://www.e-consultancy.com/publications/online-retail-checkout-2007/

http://www.e-consultancy.com/publications/e-commerce-rfp-request-for-proposal/

http://www.e-consultancy.com/publications/e-commerce-platforms-buyers-guide-2007/

SAMPLE: Online Transaction Processing

Market Data / Supplier Selection /

SAMPLE:

Contents

Currencies... 8

7.1.2 Fraud Prevention Tools ... 12

Key findings ... 16

Level of compliancy ... 30

processing, acquiring banks, transactions and charges.

Acknowledgements

About the main author:

Sample only, please download the full report from:

Join Econsultancy today to learn what’s happening in digital marketing – and what

Further Econsultancy Reading:

Sample only, please download the full report from:

A. Card Authorisation:

B. Settlement

Sample only, please download the full report from:

who to contract

Role of the Payment Services Provider (PSP)

3.2.1 Connecting to PSPs

A Hosted Payment page.

An API

Sample only, please download the full report from:

3.3.2 International

Sample only, please download the full report from:

Risk to the Acquirer

Risk to the Merchant

Consumer Fraud

Loss of card data

Acquiring Bank

Sample only, please download the full report from:

With an Acquirer

Mitigating Merchant Fraud Risk

Benchmarking Summary

Sample only, please download the full report from:

Transaction Processing Fees

Sample only, please download the full report from:

Can merchants make more money through additional payment methods?

Sample only, please download the full report from:

Benchmarking Data

Nature of business: What is the

Online Retail - Clothes, shoes

Luxury Lifestyle Retailer