Trends in Merchant Payment Acceptance
December 6, 2007
2007 © BB&T. All rights reserved. Credit approval required. Merchant accounts are issued through
Today’s Speaker: Martin Currin
Martin Currin has over 17 years of experience at BB&T in payment
processing as both a Merchant Sales Consultant and Merchant Services
Sales Manager. He has been in his current role for almost 10 years. As
Sales Manager, he leads the Merchant Services sales force, which
develops customized solutions for BB&T business clients wanting to accept
cards for payment.
Merchant Services has over 47,000 merchant clients and will process over
$8.5 billion in transaction volume in 2007.
Martin is a graduate of Elon University, in Elon, N.C. Martin and his family
reside in Wilson, N.C.
Current Trends in Electronic Payment Processing
Payment Card Industry Data Security Standards
Interchange
Payment Methods
― Contactless payments
― Internet payments
• Equipment Hardware
• Virtual Terminal
• Payment Gateways
Audience Polling
In my personal experience,
1. One or more of my personal credit or debit card accounts has had fraudulent transactions due to a merchant card data breach
2. One or more of my personal credit or debit card accounts has been reissued because of a merchant card data breach
3. I have not experienced fraud or card reissuance due to a merchant card
The Payment Card Industry Data Security Standard is a result of
collaboration between Visa ® and MasterCard ® to create common industry
security requirements. The program was designed to protect cardholder
data - wherever it resides.
All card association member institutions (including BB&T) must be
compliant and are responsible for ensuring the compliance of their
merchants and service providers. The program applies to all payment
channels, including retail (brick-and-mortar), mail/telephone order, and
e-commerce.
To achieve compliance, all members, merchants, and service providers
must adhere to the Payment Card Industry (PCI) Data Security Standard,
which offers a single approach to safeguarding sensitive data.
For additional information visit www.BBT.com/pci
Merchants are required to:
Build and maintain a secure network
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for passwords and other security parameters
Protect cardholder data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data and sensitive information across open public networks
Maintain a vulnerability management program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
Implement strong access control measures
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly monitor and test networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an information security policy
12. Maintain a policy that addresses information security
*E-commerce also includes the use of any type of Internet Protocol (IP) connectivity (broadband, DSL, or Frame Relay). Even if you do not offer Web-based transactions, there are other services that make systems Internet-accessible. Basic functions such as email and employee Internet access make a company's network Internet-accessible. These seemingly insignificant paths to and from the Internet can provide unprotected pathways into merchant and service provider systems if not properly controlled.
Payment Card Industry Data Security Standard
Who is required to comply and what are the compliance requirements?
All merchants are required to be in compliance with the PCI Data Security Standard. Compliance requirements vary based on the following levels:
TJX Corporation
― Announced data security breach in January 2007
― Current information (11/5/2007)
• 94 million Visa and MasterCard cardholders' information exposed.
• 46 million affected customers.
• Visa estimates losses of $65 million to $83 million.
• Investigators confirmed that hackers used wireless equipment to invade TJX’s unprotected database of payment information while driving by or parking near stores owned by the TJX company, including TJ Maxx and Marshall’s.
• Visa recently fined TJX’s merchant bank $880,000, which will likely be passed to TJX.
– MasterCard is yet to issue a fine.
• TJX claims to have spent $256 million on investigations, legal fees, and security enhancements.
Discount Rate
― Fee charged by the merchant bank to the merchant for services rendered in
connection with processing card sales transactions
Interchange
― Fee that the merchant bank must pay the card issuing bank to help offset the card
issuer’s cost of funds and processing costs including: statements, fraud losses, customer support.
― Primary component of the discount rate
― Interchange rates are set and governed by Visa and MasterCard and are the same for all card-issuing
and merchant acquiring institutions. Rates may change twice annually.
Merchant acquirers generally quote a discount rate which is driven by how the
merchant processes. It assumes that a number of processing requirements
are met. If the requirements are not met, the transaction will qualify at another
interchange level. This occurrence is referred to as a “downgrade.”
Minimizing Processing Costs
Depending on your method of processing, the following tips will assist you in
qualifying at the best rate:
― Electronically authorize all transactions
― Swipe whenever possible
― Accept PIN-based debit
― Batch out daily
― Perform address verification service (AVS) for card-not-present transactions
― Make sure your business is in the correct merchant category code
― Capture Level II and Level III detail if you accept a significant number of commercial card transactions
― Ensure authorization and settlement amounts match
For a more complete list by industry type, please visit the Merchant Services
Reference Kit at www.BBT.com/merchantservices.
Interchange
Case Study – Using Address Verification Service / Invoice
Assumptions:
― Discount rate – 2.25%
Consumer places telephone (non face-to-face) order for $100, pays by Visa. What are the merchant’s fees for processing this transaction if the merchant:
uses AVS / Invoice?
― Mail order telephone order transaction – should qualify at CPS-card not present - credit.
• $100 x 2.25% = $2.25
does not use AVS / Invoice?
― Mail order telephone order transaction, no AVS / Invoice – transaction will downgrade and qualify at Visa EIRF.
• $100 x 2.25% + $.75 non-qualified fee = $3.00
• Non-qualified fee – an additional fee charged by card brands to merchant acquirers when a transaction fails to meet set criteria.
For this transaction, the merchant would save $.75 by utilizing AVS / Invoice.
Payment Methods
Contactless Payments
Contactless Payments are a payment feature that reduces checkout time since the
cardholder simply waves his/her payment card in front of a secure reader. If the
transaction is under $25, a signature is not required. The cardholder retains control of the card during the transaction, which reduces the risk of fraud. If all criteria are met, the transaction will qualify at the card swiped rate.
Uses radio frequency identification (RFID) technology
MasterCard’s PayPass, Visa’s payWave, American Express’ ExpressPay, Discover’s Contactless
Benefits to the merchant include improved customer experience due to faster checkout
process, increased customer loyalty by offering convenience at point of sale, reduced risk of fraud or employee misuse
Great for high-volume, low-dollar merchants such as quick service restaurants,
convenience stores, pharmacies
Approximately 41,000 merchant locations accepting Contactless Payments including:
― McDonald’s
― Arby’s
― Walgreens
― CVS Pharmacy
Internet Payments
― Equipment Hardware
― Virtual Terminal
― Payment Gateways
Internet Payments – How it works
[Diagram: BB&T; BB&T’s Card Processor]
Credit card terminals processing transactions via a high speed or
broadband connection
― Ethernet enabled
• Reduces checkout time to 2-4 seconds via an “always on” connection
• Eliminates need for dedicated phone lines
– Great for multi-lane
• Offers dial backup
― Pay at the table
• Reduces fraud as card never leaves cardholder’s hand
• Allows a restaurant merchant to accept PIN debit
― Wireless
• Allows merchants on the go to process card-present transactions
Dedicated phone lines no longer needed
Internet Payments – Equipment Hardware Case Study
A virtual terminal allows you to process transactions without having to
purchase a credit card terminal. Virtual terminals can be used by retail and
mail/telephone order merchants in place of software or a credit card terminal.
― Turns any Internet-connected computer into a point-of-sale terminal. Virtual
terminals are an easy-to-implement, easy-to-use, secure, and low-cost solution.
― Quick setup – A browser-based, hosted solution is enabled by simply plugging in
the swipe card reader to your computer – no software is required.
― Risk Management – Sensitive data is not stored on the merchant’s computer but
rather in a PCI-compliant data center.
― Secure – The virtual terminal maintains a locked connection between card reader
and browser, and alerts the merchant if there is an unauthorized attempt to connect to the reader.
― Fast checkout times – Speed up checkout lines and improve customer satisfaction
by authorizing credit card transactions in as little as three seconds.
Benefits to Businesses
Convenience and flexibility
― Utilize any computer connected to the Internet to process a sale, perform administrative duties, and generate reports
Peace of mind
― Simple to set up: Does not require integration or complex PC technical knowledge
― Multiple channels of support including phone, email, and online chat offered 24x7
― Secure payment processing
― No software to download or upkeep
Increased revenue
― With improved operational efficiencies and faster authorization and checkout times
Low startup costs
― No credit card terminal required
Client Profile
Merchants who want to accept cards, but do not want to purchase credit card equipment.
Examples:
― Startup businesses
― New acceptors
― Retailers that have a computer at their business and want to reduce items on their point-of-sale countertop
― Mail/telephone order merchants
― Mobile merchants
― Multi-lane
― Recurring billers
Ideal for:
― Doctors’ offices
― Trade shows
― Health clubs
― Plumbers, service businesses
― Internet cafes
― Schools and universities
― Caterers
A payment gateway allows a merchant to process online transactions from its
website, turning the website into a point-of-sale terminal while increasing
the merchant’s sales and providing the customer added convenience.
― Most gateways offer:
• Multiple integration methods depending on the merchant’s web development resources.
• Compliance, as sensitive data is not stored on the merchant’s computer but rather in a PCI-compliant data center.
• An online resource center that allows the merchant the ability to manage online transactions, create reports, and automatically settle securely.
• A dedicated integration team and support website readily available to assist with any merchant needs.
• Acceptance of:
– Credit and signature debit cards – Visa, MasterCard, American Express ®, and Discover ®
– Electronic checks – Allows customers to pay online with their checking or savings account
– Recurring billing files – Allows customers to automatically be billed on a recurring basis
Benefits to accepting payments online include:
Increased sales
― Allow your customers to shop when they want to shop
― Attract customers out of your geographic market
Customer convenience
― Give your customers the option to pay online
― An additional feature of most payment gateways is the ability to manually enter card information to process a transaction if a customer wants to initiate a phone order
Ease of use
― Seamless integration from the merchant’s website to the payment gateway
Security
― Cardholder authentication programs help protect merchants from accepting fraudulent transactions
― Fraud detection allows the merchant to set filters for online transactions, such as minimum and maximum dollar amounts
Risks to accepting payments online
Phishing – An attempt to criminally and fraudulently acquire sensitive
information, such as user names, passwords, or credit card details, by
masquerading as a trustworthy entity in an electronic communication.
― Protection
• Cardholder data is stored in a secured and compliant data center, never on your computer.
• The cardholder data entered in the transaction is submitted through a secure gateway with multiple firewalls and blockers.
Identity Theft – When the means of identification has been exploited for an
unlawful purpose.
― Protection
• Payment Gateways include cardholder authentication services that verify the address and card code submitted against the actual cardholder information through a national search.
Client Profile
Merchants who want the ability to take online payments and develop a web presence
― Retail merchants who also have a website
― Trade show merchants wanting to increase residual sales
― Merchants that process recurring transactions
My company
1. Has a website that accepts payments online
2.