Trends in Merchant Payment Acceptance

Trends in Merchant Payment Acceptance

December 6, 2007

2007 © BB&T. All rights reserved. Credit approval required. Merchant accounts are issued through

Today’s Speaker: Martin Currin

Martin Currin

has over 17 years of experience at BB&T in payment

processing as both a Merchant Sales Consultant and Merchant Services

Sales Manager. He has been in his current role for almost 10 years. As

Sales Manager, he leads the Merchant Services sales force, which

develops customized solutions for BB&T business clients wanting to accept

cards for payment.

Merchant Services has over 47,000 merchant clients and will process over

$8.5 billion in transaction volume in 2007.

Martin is a graduate of Elon University, in Elon, N.C. Martin and his family

reside in Wilson, N.C.

Current Trends in Electronic Payment Processing

„

Payment Card Industry Data Security Standards

„

Interchange

Payment Methods

Contactless payments

Internet payments

•

Equipment Hardware

•

Virtual Terminal

•

Payment Gateways

Audience Polling

In my personal experience,

1.

One or more of my personal credit or debit card accounts has had

fraudulent transactions due to a merchant card data breach

2.

One or more of my personal credit or debit card accounts has been

reissued because of a merchant card data breach

3.

I have not experienced fraud or card reissuance due to a merchant card

„

The Payment Card Industry Data Security Standard is a result of

collaboration between Visa ® and MasterCard ® to create common industry

security requirements. The program was designed to protect cardholder

data - wherever it resides.

„

All card association member institutions (including BB&T) must be

compliant and are responsible for ensuring the compliance of their

merchants and service providers. The program applies to all payment

channels, including retail (brick-and-mortar), mail/telephone order, and

e-commerce.

„

To achieve compliance, all members, merchants, and service providers

must adhere to the Payment Card Industry (PCI) Data Security Standard,

which offers a single approach to safeguarding sensitive data.

„

For additional information visit www.BBT.com/pci

Current Trends in Electronic Payment Processing

Merchants are required to:

Build and maintain a secure network

1. Install and maintain a firewall configuration to protect data

2. Do not use vendor-supplied defaults for passwords and other security parameters

Protect cardholder data

3. Protect stored cardholder data

4. Encrypt transmission of cardholder data and sensitive information across open public networks

Maintain a vulnerability management program

5. Use and regularly update anti-virus software

6. Develop and maintain secure systems and applications

Implement strong access control measures

7. Restrict access to data by business need-to-know

8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data

Regularly monitor and test networks

10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes

Maintain an information security policy

12. Maintain a policy that addresses information security

Current Trends in Electronic Payment Processing

*E-commerce also includes the use of any type of Internet Protocol (IP) (broadband, DSL, or Frame Relay connectivity). Even if you do not offer Web-based transactions, there are other services that make systems Internet accessible. Basic functions such as email and employee Internet access will result in the Internet-accessibility of a company's network. These seemingly insignificant paths to and from the Internet can provide unprotected pathways into merchant and service provider systems if not properly controlled.

Current Trends in Electronic Payment Processing

Payment Card Industry Data Security Standard

„ Who is required to comply and what are the compliance requirements?

All merchants are required to be in compliance with the PCI Data Security Standard. Compliance requirements vary based on the following levels:

„

TJX Corporation

―

Announced data security breach in January 2007

Current information (11/5/2007)

• 94 million Visa and MasterCard cardholders' information exposed.

• 46 million affected customers.

• Visa estimates losses of $65 million to $83 million.

• Investigators confirmed that hackers used wireless equipment to invade TJX’s unprotected database of payment information while driving by or parking near stores owned by the TJX company, including TJ Maxx and Marshall’s.

• Visa recently fined TJX’s merchant bank $880,000, which will likely be passed to TJX.

– MasterCard is yet to issue a fine.

• TJX claims to have spent $256 million on investigations, legal fees, and security enhancements.

Current Trends in Electronic Payment Processing

„

Discount Rate

― Fee charged by the merchant bank to the merchant for services rendered in

connection with processing card sales transactions

„

Interchange

― Fee that the merchant bank must pay the card issuing bank to help offset the card

issuer’s cost of funds and processing costs including: statements, fraud losses, customer support.

― Primary component of the discount rate

― Set and governed by Visa and MasterCard, and are the same for all card-issuing

and merchant acquiring institutions. Rates may change twice annually.

„

Merchant acquirers generally quote a discount rate which is driven by how the

merchant processes. It assumes that a number of processing requirements

are met. If the requirements are not met, the transaction will qualify at another

interchange level. This occurrence is referred to as a “downgrade.”

Minimizing Processing Costs

„

Depending on your method of processing the following tips will assist you in

qualifying at the best rate:

― Electronically authorize all transactions ― Swipe whenever possible

― Accept PIN-based debit ― Batch out daily

― Perform address verification service (AVS) for card not present transactions ― Make sure your business is in the correct merchant category code

― Capture Level II and Level III detail if you accept a significant number of commercial

card transactions

― Ensure authorization and settlement amounts match

„

For a more complete list by industry type, please visit the Merchant Services

Reference Kit at www.BBT.com/merchantservices.

Consumer places telephone (non face-to-face) order for $100, pays by Visa. What are the merchant’s fees for processing this transaction if the merchant:

„ uses AVS / Invoice?

― Mail order telephone order transaction – should qualify at CPS-card not present - credit. • $100 x 2.25 = $2.25

„ does not use AVS / Invoice?

― Mail order telephone order transaction, no AVS / Invoice transaction will downgrade and qualify at Visa EIRF.

• $100 x 2.25 + .75 non-qualified fee = $3.00

• Non–qualified fee - an additional fee charged by card brands to merchant acquirers when a transaction fails to meet set criteria.

For this transaction, the merchant would save $.75 by utilizing AVS / Invoice.

Interchange

Case Study – Using Address Verification Service / Invoice

Assumptions:

Discount rate – 2.25%

„ Contactless Payments are a payment feature that reduces check out time since the

cardholder simply waves his/her payment card in front of a secure reader. If the

transaction is under $25 a signature is not required. The cardholder retains control of the card during the transaction, which reduces the risk of fraud. If all criteria is met, transaction will qualify at card swiped rate.

„ Uses radio frequency identification (RFID) technology

„ MasterCard’s PayPass, Visa’s payWave, American Express’ ExpressPay, Discover’s

Contactless

„ Benefits to the merchant include improved customer experience due to faster checkout

process, increased customer loyalty by offering convenience at point of sale, reduced risk of fraud or employee misuse

„ Great for high-volume, low-dollar merchants such as quick service restaurants,

convenience stores, pharmacies

„ Approximately 41,000 merchant locations accepting Contactless Payments including:

― McDonald’s ― Arby’s ― Walgreens ― CVS Pharmacy

Payment Methods

„

Equipment Hardware

Virtual Terminal

„

Payment Gateways

Payment Methods

BB&T BB&T’sCard Processor

How it works

Payment Methods

„

Credit card terminals processing transactions via a high speed or

broadband connection

―

Ethernet enabled

• Reduces checkout time to 2-4 seconds via an “always on” connection

• Eliminates need for dedicated phone lines – Great for multi-lane

• Offers dial backup

―

Pay at the table

• Reduces fraud as card never leaves cardholder’s hand

• Allows a restaurant merchant to accept PIN debit

―

Wireless

• Allows merchants on the go to process card-present transactions

Payment Methods

Dedicated phone lines no longer needed

Payment Methods

Internet Payments – Equipment Hardware Case Study

„

A virtual terminal allows you to process transactions without having to

purchase a credit card terminal. Virtual terminals can be used by retail and

mail/telephone order merchants in place of software or a credit card terminal.

― Turns any Internet-connected computer into a point-of-sale terminal. Virtual

terminals are an easy-to-implement, easy-to-use, secure, and low-cost solution.

― Quick setup – A browser-based, hosted solution is enabled by simply plugging in

the swipe card reader to your computer – no software is required.

― Risk Management – Sensitive data is not stored on the merchant’s computer but

rather in a PCI-compliant data center.

― Secure – The virtual terminal maintains a locked connection between card reader

and browser, and alerts the merchant if there is an unauthorized attempt to connect to the reader.

― Fast checkout times – Speed up checkout lines and improve customer satisfaction

by authorizing credit card transactions in as little as three seconds.

Payment Methods

Benefits to Businesses

― Utilize any computer connected to the Internet to process a sale, perform

administrative duties, and generate reports

„ Peace of mind

― Simple to set up: Does not require integration or complex PC technical knowledge ― Multiple channels of support including phone, email, and online chat offered 24x7 ― Secure payment processing

― No software to download or upkeep „ Increased revenue

― With improved operational efficiencies and faster authorization and checkout times „ Low startup costs

― No credit card terminal required

Payment Methods

Client Profile

„ Merchants who want to cards, but do not want to purchase credit card equipment.

Examples:

― Startup businesses ― New acceptors

― Retailers that have a computer at their business and want to reduce items on

their point-of-sale countertop

― Mail/telephone order merchants ― Mobile merchants ― Multi-lane ― Recurring billers „ Ideal for: ― Doctors offices ― Trade shows ― Health clubs

― Plumbers, service businesses ― Internet cafes

― Schools and universities ― Caterers

Payment Methods

„

A payment gateway allows a merchant to process online transactions from its

website, turning the website into a point-of-sale terminal while giving increase

the merchant’s sales and providing the customer added convenience.

―

Most gateways offer:

• Multiple integration methods depending on the merchant’s web development resources.

• Compliance, as sensitive data is not stored on the merchant’s computer but rather in a PCI-compliant data center.

• An online resource center that allows the merchant the ability to manage online transactions, create reports, and automatically settle securely.

• A dedicated integration team and support website readily available to assist with any merchant needs.

• Acceptance of:

– Credit and signature debit cards – Visa, MasterCard, American Express ®, and Discover ®

– Electronic checks – Allows customers to pay online with their checking or savings account

– Recurring billing files– Allows customers to automatically be billed on a recurring basis

Payment Methods

Benefits to accepting payments online include:

„

Increased sales

―

Allow your customers to shop when they want to shop

Attract customers out of your geographic market

„

Customer convenience

―

Give your customers the option to pay online

―

An additional feature of most payment gateways is the ability to manually

enter card information to process a transaction if a customer wants to

initiate a phone order

„

Ease of use

―

Seamless integration from the merchant’s website to the payment gateway

Security

―

Cardholder authentication programs help protect merchants from accepting

fraudulent transactions

―

Fraud detection allows the merchant to set filters for online transactions,

such as minimum and maximum dollar amounts

Payment Methods

Risks to accepting payments online

„

Phishing

–

An attempt to criminally and fraudulently acquire sensitive

information, such as user names, passwords, or credit card details, by

masquerading as a trustworthy entity in an electronic communication.

―

Protection

•

Cardholder data is stored in a secured and compliant data center,

never on your computer.

•

The cardholder data entered in the transaction is submitted through

a secure gateway with multiple firewalls and blockers.

„

Identity Theft

–

hen the means of identification has been exploited for an

unlawful purpose.

―

Protection

•

Payment Gateways include cardholder authentication services that

will verify the address and card code submitted to the actual

cardholder information through a national search.

Payment Methods

Client Profile

„ Merchants who want the ability to take online payments and develop a web presence ― Retail merchants who also have a website

― Trade show merchants wanting to increase residual sales ― Merchants that process recurring transactions

Payment Methods

„

My company

1.

Has a website that accepts payments online

2.

Has a website, but does not accept payments online

Does not have a website

Contact Information

Please call 1-866-238-2420 to be connected to a BB&T Merchant Sales

Consultant in your area.

Or visit our website at www.BBT.com/business/products/merchantservices

Evaluation

Your feedback is very important to us!