Credit Card Processing Summer Lunch & Learn 2016

AGENDA

1. The Different Ways to Process Cards

2. EMV Chip Cards – What You Need to Know

3. Understanding the Industry’s Complex Pricing Structure

4. American Express – The New Rate/Deposit Plan ….Good News!

5. PCI Security – How to be Compliant to Protect Your Business

https://www.castleworldwide.com/ETA/registry/RegistrySearch.aspx As a Certified Payment Professional: I help businesses lower their costs and  provide efficient processing solutions  13 years experience  Assisted over 1,000+ businesses  Work with Retail, Manufacturing, MOTO  (keyed in sales), Internet, Restaurant,  Schools and more Brad Arnott, Certified Payment Professional Omega Processing Solutions LLC PH: 513‐755‐6501 Email: [email protected] Who You Gonna Call? Who’s Calling You? 1. A Bank rep 2. Telemarketers 3. A salesperson …”I was in the  neighborhood” 4. Certified Payment Professional! VeriFone Vx520 - EMV Ingenico EMV

Ways to Process Credit Cards

Non EMV  VeriFone Integrated With Software:  Sage   Microsoft Dynamics  Another ERP, CRM Solution  or POS Solution Stand‐a‐lone Terminal Mobile  and  Wireless  Solutions Virtual Terminal Add a Card  Swiper to the  Virtual Terminal

Do the Chip Card Dance!!

Why are chip card transactions more secure? 

Chip card transactions offer you advanced security for in store payments by making  every transaction unique. And, your chip card is more difficult to counterfeit or copy.  If the card data and the one‐time code (cryptogram) are stolen, the information  cannot be used to create counterfeit cards and commit fraud. 

Liability Shift Starts October 1, 2015

Merchants that accept chip cards will be protected from fraud losses resulting from in‐store counterfeit. The  liability will shift from issuers to merchants if their payment terminals are not chip‐enabled for in‐store  transactions.  3.4 billion chip payment cards are in use worldwide as of Dec 2014 1.2 billion: the # of payment cards in the US 12 million: the # of POS terminals in the US 37%: % of merchant locations that can process chip cards today 25%: Percentage of US. debit cards issued as EMV cards by end of 2015.  70%: Percentage of consumers with a chip card as of March 31, 2016.

CHIP CARD FACTS*:

*Source: creditcards.com

For more info go to 

www.emv‐

connection.com

or 

www.gochipcard.com

CHIP CARDS 

The Players in Processing

Card Associations

These are organizations such as Visa, MasterCard, American Express and Discover.

Acquiring Bank

The Acquiring Bank is the financial institution that is responsible for the merchant account either directly or indirectly.

Issuing Bank

This is the financial institution that physically provides a credit card to an individual for use.

Processors: Processors provide a point of connectivity for the Merchant to authorize and settle credit card transactions

Merchant Services Provider (MSP) Typically, the Member Service

Provider/Independent Sales Office either handles just sales or possibly sales, service, risk, underwriting, etc.

Payment Gateways: Payment gateways connect the Merchant to the processor that is acting as the front-end connection to the Card Associations.

Processors and Partners

Networks Processors ISOs Resellers Sub ISOs Agents Merchants Banks

Bank Reps …..and 

Telemarketers!!!

It’s Complicated…. Components of

the Price

Where do all the fees collected go?

Issuing Bank (issue cards) Card Brands Acquirer/Sales Organization Processor The sales organization  provides the actual  rates you will pay and  you pay them each  month.

Components of Cost

Interchange:

Interchange accounts forthe largest portion of credit card processing expenseand it's paid to card issuing banks.

Dues and Assessments:

Visa, MasterCard and Discover and Amex make money by charging assessments on every transaction (and some misc. network fees)

Transaction Fees / Monthly Account Fees:

Transaction Fees are charged to cover the cost of Authorizations and Declines. These costs vary based on the negotiated rate with the processor

Monthly Account Fees are charged to cover the general cost of maintaining a merchant account and generating monthly reports, support services, etc.

Interchange Rates: 

The Wholesale Cost of a Card Transaction

Rates are determined by:

(credit, debit, rewards, corp, etc), 

(swipe vs. keyed), 

MCC Code MCC Description Credit Debit All Card Types Total Credit Total Total Debit Total Avg Interchange Avg Tkt

5812 Restaurants 2.20% 46.33% 1.31% 53.67% 1.72% $33.04

5813 Bar 2.05% 28.49% 1.42% 71.51% 1.60% $28.70

5814 Fast Food 2.08% 28.74% 2.10% 71.26% 2.10% $14.71

5921 Misc Retail 1.90% 24.91% 1.47% 75.09% 1.58% $24.03

7230 Barber & Beauty Shops 1.91% 35.61% 1.02% 64.39% 1.33% $50.55

8041 Chiropractors 1.89% 42.25% 1.11% 57.75% 1.44% $65.54

8011 Doctors / Physicians 2.09% 47.05% 1.22% 52.95% 1.63% $100.53

5251 Hardware Stores 2.22% 70.27% 1.08% 29.73% 1.88% $94.99

5261 Lawn & Garden Supply 1.95% 59.75% 0.86% 40.25% 1.51% $79.02

7011 Lodging ‐ Hotels/Motels/Resorts 2.34% 73.21% 0.90% 26.79% 1.96% $178.18 5211 Lumber & Building Materials 2.28% 77.35% 0.74% 22.65% 1.93% $489.20

1711 AC/Heating, Plumbing 2.13% 87.90% 0.86% 12.10% 1.97% $533.09

742 Veterinary Services 1.89% 56.90% 0.73% 43.10% 1.39% $132.80

5511 Auto Dealer ‐ Sales,Service,Repairs, Parts & Leasing

2.09% 64.46% 0.64% 35.54% 1.58% $283.83

Average Cost of Interchange: Notice the Difference by Industry

Must Still Add:  Assessments + Monthly/Transaction Fees + Profit

Pricing Methods

Interchange Plus / Pass Through: Interchange + Dues & Assessments + Processor Fees +Profit …the Interchange and Assessments are passed through directly to the merchant. Processor fees are then added to the statement in line items.

Very transparent pricing

Tiered / Bundled “Bucket Pricing”: Processor categorizes interchange fees into three pricing tiers called “Qualified”, “Mid-Qualified” and “Non-“Mid-Qualified”.Can be up to 6 tiers. The processor fees are added into the tiered pricing levels.

Not transparent pricing

Qualified Mid

Qualified QualifiedNon

Interchange Plus Pricing

Interchange + Dues & Assessments + Processor Fees + Profit Interchange (Bank Issuer): Discount Rate (Processor) .20% ‐ 1.00% % of the Sale  Transaction Fee (Processor) $.04 ‐ $.30/trans Monthly Fees $5 ‐ $15/mo PCI Fees (Compliance) $3 ‐ $30/mo Gateway Fees $10 ‐ $20/mo Dues/Assessments: Range  .11% ‐ .13% Network Fees: $.02/trans (not on Amex) Some smaller miscellaneous fees are not noted  here. Some fees are only charged on certain  transaction types. Visa/MC/Discover/Amex: Processor/Sales Organization: Non Qualified Qualified

Tiered / Bundled Pricing….Also referred to as “Bucket Pricing” The Processor/Sales Organization Determines Which Buckets the Various Card  Types Fall Into. You Typically Overpay With This Pricing Model Mid Qualified Rate Charged….1.75% Swiped Cards, Consumer  Cards COST: Debit card  .18%  Credit card      1.64% Rate Charged…3.50% Swiped or Keyed Cards, Consumer  or Business Cards, Rewards COST: Enhanced Reward card       2.68%  Keyed Reward card      2.17% Corp card 2.23% Rate Charged….2.75% Swiped or Keyed Cards,  Consumer cards, Rewards COST: Reward card      1.78%  Keyed card      1.93%

New American Express Program: 

OptBlue

OptBlue

streamlines the merchants’ card acceptance process, allowing for a 

simplified, quick, and easy way to accept American Express Cards.

One Provider One processing  contact for all  questions, so it’s  easy for merchants  to get answers. One Deposit Merchants get paid  at the same time  as they do for  other card brands  to maximize cash  flow. One Statement A single, simple  statement for all  cards for easier  reconciliation. Processing Partner  Determines Rates Your Partner sets the  price for American  Express® Card  acceptance, which are  typically lower rates!

OptBlue Program: Who’s Eligible

Merchant Criteria Eligible for_{OptBlue for OptBlue}Ineligible

• Estimated to process under $1MM in annual American

Express Charge Volume 

• Located in U.S. only (does not include Puerto Rico, U.S. Virgin

Islands, or any other U.S. Territory) 

• Transact in USD only 

• Included in Prohibited Industry list for OptBlue (listed in

Appendix and American Express Program Operating Regulations) 

• Participates in a Franchise (listed in Appendix and American

Express Program Operating Regulations) 

• Has existing American Express relationship with over $250MM

in American Express Charge Volume annually 

Current: 2.890% + $.15/transaction New: 2.10% + $.15/transaction *

SAVINGS: $197.50 in Savings!!!

Industry Tier 1* Tier 2* Tier 3*

Retail 2.10%   < $75/trans 2.45%    $75‐$1,000/trans 2.90%    > $1,000/trans Service 2.10%   < $400/trans 2.45%    $400 ‐ $3,000/trans 2.90%    > $3,000/trans Restaurant 2.35%   <$25/trans 2.95%    $25 ‐ $150/trans 3.25%    > $150/trans *Average cost, assessments included, $.15/transaction not included. Check with representative for your rates

Opt Blue:  New Rates Determined by Industry and Size of Transaction

Current Rates 2.89% 2.89% 3.50% SAMPLE:  Retail business with sales under $75 per transaction Volume = $25,000/month

PCI Compliance:

Coun

https://www.pcisecuritystandards.org

PCI Compliance 

Just what IS expected of a 

Merchant?

 PCI applies to ANY organization or merchant, regardless of size or 

number of transactions, that accepts, transmits or stores any 

cardholder data

 How to achieve PCI DSS Compliance?

Complete a Self Assessment Questionnaire (SAQ) annually and if 

there is any internet‐based card processing, you will need to pass 

an external vulnerability scan.  The scans are required quarterly.

• ion testing may be d verified through approved vendors 

according to the PCI

Coun

https://www.pcisecuritystandards.org

Self‐Assessment Questionnaires

SAQ C ‐ Merchants with payment application systems connected to the Internet, no electronic  cardholder data storage. Not applicable to e‐commerce channels. SAQ D – E‐commerce merchants, and if card data is stored electronically as part of payment  processing, then this SAQ type will always be applicable.

PCI Compliance 

Sage/Trustwave SECURITY PROGRAM‐

• Approved Scanning Vendor (ASV) Vulnerability Scans • PCI Compliance Tools • PCI Wizard • Security policy templates • TrustKeeper Agent: PCI Monitoring and Security Tools • Trusted Commerce Seal  • Breach Coverage up to $50,000 • Trustwave “Wizard tool” that guides merchants through the SAQs, pre‐ filling answers and speeding up the process • Sage partners with PCI industry experts Trustwave, Inc. for their  merchant PCI program. • Upon boarding, merchant profiles are loaded into the Trustwave  portal  What’s  Included: Getting  Started

1. No firewall in place

Firewall not properly configured (most common) 2. Using default passwords

Commonly known, Searchable online Using noncomplex passwords 3. Not having antivirus software installed

Software and programs not up-to-date Software not on all end points 4. Insecure Remote Access

#1 compromise pathway of today’s hackers Common applications – RDP – LogMeIn – RemotePC – pcAnywhere – GoToMyPC – VPN PCI/General

– Over 816 million records compromised in USA since 2005

– 320 million people in the USA