Payment
Asseco SEE in Turkey – Payment Gateway Solutions
12 years of experience in Card Not Present (CNP) Payment Processing
Payment Gateway Solutions in Turkey, Poland, Romania, Cyprus and Russia
One and only independent e-Payment Gateway in Turkish Market
More than 15.000 e-Merchants
6 million card transactions per month
39% market share in Turkey
3D Secure solutions (90% market share)
Multi-national customer base
PCI DSS certified
Service & Product Portfolio
1. Hosted Payment Gateway Services
2. Professional Services
3. Packaged Solutions
Customer Base
Software Solutions
Hosted Payment
Payment
Trends in e-Commerce & Online Payments
Samile Mümin
“Business Development Director”
Source: J.P. Morgan
Global e-Commerce Trends
Source: The Department of Commerce, Internet World Stats, J.P.
Source: Forrester Research
Source: The eMarketer View
Source: Innopay
e-Commerce Trends in Europe
e-Commerce Volume in Turkey ($000,000)
Source: BKM (Interbank Card Center of Turkey)
2005: 925
2006: 1.609
2007: 3.691
2008: 6.059
2009: 6.849
2010: 10.153
…and Poland
• Russia, Poland and the Czech Republic are the leading B2C E-Commerce countries in the Eastern European region.
yStats.com
• “In Poland, online share of retail trade expected to go up to 3,5% in 2011”
The Centre for Retail Research
• “In whole Europe; Poland will witness the highest increase in online sales in 2011 (up 36% - European average expected to be 18.7%)”
Kelkoo
• “The Polish e-commerce has registered an 18% growth in earnings in 2010, with the sector expected to earn around USD 1.65 million. If online auctions are added, the expected amount is set to reach USD 4.94 million”
Warsaw Business Journal
• “The number of Polish e-stores has seen a 28% growth in 2010”
Types of e-Commerce
B2C (Business-to-Consumer)
• Direct sales to final customer (typically retail trade over the Internet)
• Standard list prices, no negotiation, relatively smaller ticket size… E.g.: Amazon.com, Home Depot, Toys R Us, thy.com
B2B (Business-to-Business)
• e-Commerce transactions between businesses, such as between a manufacturer and a wholesaler, or between a wholesaler and a retailer. Unlike B2C, price may vary based on order amount and can be subject to negotiation.
C2C (Consumer-to-Consumer)
C2C is an Internet-facilitated medium that involves transactions between consumers utilizing a third party. The most common example of C2C is the online auction (e.g.: eBay, Allegro)
P2P (Peer-to-Peer)
The peer-to-peer (P2P) e-Commerce concept refers to putting individuals in direct contact with each other and enabling them to share/trade over the Internet. No intermediary, unlike C2C (e.g.: Napster, gnutella)
G2C (Government to Citizen / Government to Customer)
General description of individual transactions made with Government over the Internet. (e.g.: Tax payments, online fee / licence payments, fines settlements etc.)
C2B (Consumer-to-Business)
Individuals offer products and services to companies and the companies pay them (e.g.: elance.com)
Most Common Beginner Mistakes
1- No Concrete Business Model / Insufficient Analysis of Revenue Model
2- Key Strengths / Competitive Advantages (cheaper, faster, unique, better?)
3- Website Design Mistakes: Make it user friendly, clear, precise, and easy to find. Keep your links up to date. Design your content so that an elementary school kid can understand your site
4- Unclear, inconsistent product & service categories. Poor product definitions and catalogues.
5- Logistics: Delivery problems, delays, problems with inventory items
7- Waiting for the customers to come to your store.
Mostly Sold Items?
Source: The Interbank Card Center (BKM)
Others: 27,9%
Car Rental: 4,9%
Accommodation: 6,6%
Food Order: 8,2%
Flights & Travel: 16,4%
Health & Cosmetic Products: 18,0%
Books, CD, DVD, Games: 21,3%
Outfit & Accessories: 29,5%
Electronics & Computer (and parts): 50,8%
Latest Developments in e-Commerce
• Group Buying
• “Generic is Dead, Long Live Niche!..”
• s-Commerce, m-Commerce, t-Commerce
• Watch “Cosmetics, Clothing and Food!”
• e-Commerce Customer Services
• Professional Executives Get Involved with e-Commerce
• Foreign Investment Inflow
• e-auctioneers Get More Pro!..
NestPay - Virtual POS Solution
Acquirer Bank or Processor
Issuer Bank
Bank & Merchant Integration
7 x 24 Support
Shared VPOS Platform
Fraud & Security (3D Secure)
Reporting
Payment Authorization Request
Hosted Payment Gateway - Value Proposition
New Revenue Source
Fast Entrance to the market
Low Cost of Ownership
High ROI
No system development cost
We adapt to the bank
We maintain competitive advantage for the bank
No additional personnel
We integrate the merchants
We train the merchants
We support the merchants
• ASEE moves cardholder data from the Merchant’s environment to EST’s PCI DSS compliant storage facility
• EST processes e-commerce payments via unique identifiers created by Merchant Safe for each card.
• Significantly reduces the scope of PCI-DSS compliance
• Eliminates manual tasks related to card data storage and transaction
• Liability shift related to card data theft (from merchant to EST)
• Easier monitoring of recurring payments
• Card data can be matched with any parameter (Insurance Number, Mobile etc.)
“Merchant Safe: Credit Card Data Matching & Secure Storage”
• Solutions for institutions that accept high volume of scheduled payments.
• e.g. Insurance companies, associations & clubs collecting periodical fees and all sort of companies that sell on scheduled installments
• The solution allows merchants to instruct the system on how and when to process the payment: Once the instructions are transferred to MassPay, the payments are processed by the system, avoiding resource inefficiency and manual processes.
• Increase efficiency, eliminate manual processes.
• Handle various payment scenarios like uncollected funds, multiple cards etc.
“MassPay: High Volume Payments”
Motor vehicle tax payments by using Credit Cards via internet
EST Integrated PGW on Web Channel
514 Tax Office + 7 Banks + 3000 VPOS
3D Secure Infrastructure
Online Fine Payment
Custom Reconciliation Reports
e-Collection of Taxes
Number of Tax e-Payments
2009: 574,827
2010: 1,313,798
2011Q1: 769,673
2011P: 3,540,000
* As on March 12th 2009
** 3 month average
e-Government Collections
About 860,000 Turks have applied for a tax restructuring program that reduces some debts and allows others to be paid in installments
EST will integrate PGW on Web Channel for participating banks
+6000 tax office integration
3D Secure Infrastructure
Custom Reconciliation Reports
e-Government Collections
B2B Payments
“NestCollect: Specific Solution for Dealer & Agent Payments”
1. Dealer searches for its due amount of monthly payment to HQ.
2. Dealer/Agent enters its ID. NestCollect lists all pre-registered cards that can be used for the payment
Dealer can create “optimum” payment mix by choosing different acquirers based on loyalty campaigns, card limit, campaigns etc.
Dealer can create payment simulation
EST led the project for the airline company to mitigate fraud and ease their operations.
3D Secure Verified by Visa and MasterCard SecureCode
EST Integrated 3D Secure infrastructure allowing easy process for cardholders and blocking fraudsters.
EST Integrated flight information with payment and fraud systems to better combat fraud
The airline company is much better equipped with consolidated views to fight fraud
Example: Customer;
- from Egypt IP address,
- using a credit card issued in South Africa
- getting a ticket from Istanbul to Pakistan
- flight departs in next 2 days,
Mitigating Fraud and Easing Operations
Airlines
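The consolidated view in the airline example can be expressed as a rule that combines payment data with flight data. The sketch below is an added example, not EST's or the airline's code; the field names, the signal names, the thresholds and the three resulting actions are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Booking:
    ip_country: str            # country geolocated from the buyer's IP address
    card_country: str          # issuing country of the card
    origin_country: str        # departure country of the flight
    destination_country: str
    booked_at: datetime
    departs_at: datetime

def risk_signals(b: Booking) -> list[str]:
    """Return the names of the risk signals a booking raises, in a fixed order."""
    route = {b.origin_country, b.destination_country}
    signals = []
    if b.ip_country != b.card_country:
        signals.append("ip_vs_card_country")
    if b.card_country not in route:
        signals.append("card_country_off_route")
    if b.ip_country not in route:
        signals.append("ip_country_off_route")
    if timedelta(0) <= b.departs_at - b.booked_at <= timedelta(days=2):
        signals.append("departs_within_2_days")
    return signals

def decide(b: Booking, review_at: int = 2, decline_at: int = 4) -> str:
    """Map the signal count to an action; thresholds are assumed values to be tuned."""
    hits = len(risk_signals(b))
    if hits >= decline_at:
        return "decline"
    return "manual_review" if hits >= review_at else "accept"

# Constructed sample bookings; SLIDE_CASE mirrors the customer described above.
NOW = datetime(2011, 5, 2, 10, 0)
SLIDE_CASE = Booking("EG", "ZA", "TR", "PK", NOW, NOW + timedelta(days=2))
LOCAL_CASE = Booking("TR", "TR", "TR", "DE", NOW, NOW + timedelta(days=30))
TRAVELLER = Booking("EG", "TR", "TR", "PK", NOW, NOW + timedelta(days=1))

if __name__ == "__main__":
    for name, b in [("slide", SLIDE_CASE), ("local", LOCAL_CASE), ("traveller", TRAVELLER)]:
        print(name, decide(b), risk_signals(b))
```

No single signal is decisive on its own: the traveller booking trips three of them and is routed to review rather than declined.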
Buyer matches his credit card with his Loyalty Card at the station using VPOS infrastructure
Following payments are done via Loyalty Card at the pump. No need to leave the car!
RFID Technology
EST stores card data (Merchant Safe)
Customer earns both Loyalty Card points and Credit Card points
Same Loyalty Card can be matched with more than one Credit Card
Loyalty Card = Credit Card
Scope
o First “Pay & Pass” Project
o 1068 Station
o 9912 of card matching in 2011Q1
“Pay & Pass” – Petrol Stations
Turkey’s No:1 Mobile Network Operator
Customer can get his mobile number matched to his credit card
EST stores card data (Merchant Safe)
Infrastructure for Mobile Payments via CC
No transaction amount limitation unlike Direct Billing or SMS payments
Enable MNO to create its own merchant network
Mobile No = Credit Card Data
Scope
o 33 Million Potential Customer
Mobile Number & Credit Card Matching
Customer: 12 City Municipalities
Card owners can Top-Up their city cards with their credit cards
EST stores card data (Merchant Safe)
No development or customization on bank side
No need for ticket, coins or change
Quick collection in public transport
Transparency on public transportation revenues
Automated Collections
Scope
o 14.000 top-up in 2011Q1
Municipalities - City Cards
Enabling physical shops to use Virtual POS infrastructure to manage their Card Present transactions
Suitable for merchants with many distributors/agents in different locations
VPOS Merchant Advantages: Central control and monitoring, “one only” card payment infrastructure (as opposed to various POS machines), standard reporting, ease of secondary transactions (cancellations, credit etc.)
Merchants want to get same central management functionality for physical transactions too. So, they can get rid of a big portion of manual work of dealing with each and every single POS machine but rather have a central control over one POS network.
Physical Shopping With Virtual POS Infrastructure
Coming Soon…
• No downloads stored on phone
• No pre-registration or wallet required
• Payments charged direct to credit/debit card
• No purchase value constraints (no micro-payment limit or premium sms level)
• PCI DSS Level 1 compliance
CNP Payments via Mobile Phones
Coming Soon…
To be continued…
VAT Refunds
Social Insurance Payments
Legal fee and stamp duty payments
Integration With Other Payment Methods (eTransfers, dTransfers)
s-Payments
e-Payments
Emre Özpınar
eCommerce Payment
1. Credit and Debit Cards with VPOS
2. Bank transfers
3. Standardized bank transfers: iDEAL, Giropay ...
4. Electronic money
What is a vPOS
• Counterpart of physical POS in an online world, helps merchants to acquire money by using payment schemes networks.
• It has an online reporting interface which helps merchants to query their past sales. It also has security and fraud features.
• Supports everything a physical POS can do, supports loyalty
[Diagram: MOTO Domain. Labels: Consumer; Telephone, call center agents; Merchant; VPOS; Acquiring Institution; Visa, MasterCard, Diners, Discovery, American Express; Issuing Institution; Retail Banking]
[Diagram: VPOS Domain. Labels: Consumer; Shopping Cart and eCommerce Software; Merchant; VPOS; Acquiring Institution; Visa, MasterCard, Diners, Discovery, American Express; Issuing Institution; Retail Banking]
[Diagram: VPOS Domain with 3D Secure. Labels: Consumer; Shopping Cart and eCommerce Software; Merchant; VPOS; Acquiring Institution; Visa, MasterCard, Diners, Discovery, American Express; Issuing Institution; Retail Banking; MPI; Directory; ACS]
Issues in VPOS?
Charge-back
• Credit and debit card sales are not final, cardholders may reject the sale marking it as fraud. Each card brand has its own procedures and protections for end users. In the end merchants lose money for the goods that they’d already sold.
Merchant Credit problems
• Most financial institutions are not willing to let small or newly founded merchants use a VPOS. They consider it risky, and they don’t have the tools and knowledge to manage them.
Merchant Customer Data Theft
• Merchants have limited knowledge and resources on IT security, customer data
VPOS Suggestions
• For starter merchants, volume limited VPOS
• Using security strategies (3D Secure, Tokenization)
• Passing VPOS knowledge to the branches of acquirer
• Be aware of VPOS sharing without the knowledge of the acquiring institution
• e-Government Projects
[Diagram: Bank Transfers. Labels: Consumer; Merchant; Shopping Cart and eCommerce Software; Merchant Banking; Retail Banking; Bank A; Bank B]
[Diagram: Standardized transfers (iDEAL, Giropay). Labels: Consumer; Merchant; Shopping Cart and eCommerce Software; Regulating Body (iDEAL, Giropay); Bank A; Bank B]
[Diagram: Electronic Money (Paypal, WebMoney, cashU). Labels: Consumer; Merchant; Shopping Cart and eCommerce Software; e-Money Provider; Bank Transfers, Prepaid, Cards]
[Diagram: Mobile Operator Invoice. Labels: Consumer; Merchant; Shopping Cart, eCommerce Software and Games; Mobile Operator; Mobile Invoice; Direct or via 3rd party integrators]
hack
1. to cut, notch, slice, chop, or sever (something) with or as with heavy, irregular blows (often followed by up or down ): to hack meat; to hack down trees.
Maginot Line
It took nine years for the French to build,
Mostly found on emails
Nigeria, Congo
Lottery or prize
Lawyer of a wealthy
Too good to be true
Attacks on systems processing card data
Internet facing web servers and applications are at risk
Sony PlayStation Network (April 2011, 77 million users)
Risk Reduction Strategies
Identity focus, verify
3D Secure
Tokenisation and Data Elimination
PCI-DSS
Extended Validation Certificate (EV)
IE (only if you share your browsing history with Microsoft)
3D SECURE Ecosystem
Issuer Bank
• Sets up Access Control Server (ACS)
• Registers with card brand directory
• Educates cardholders
Acquirer Bank
• Provides Merchant Plug In (MPI) to merchants
• Registers merchants to card brand directory
Cardholders
• Protect themselves against online fraud by using an extra measure
Merchants
Tokenization
• Replace card data with controlled tokens
• Prevents theft of card data from merchants
• Merchants lower their risk, and still process transactions
• Merchants transfer the responsibility to 3rd party, make PCI
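The token flow described on this slide and on the Merchant Safe slide (a unique identifier per card, matched to a parameter such as a mobile number, with more than one card per identifier) can be sketched as below. This is an added example, not Asseco SEE or EST code; TokenVault, its methods, fake_acquirer and the alias format are hypothetical, and the in-memory dicts stand in for the provider's encrypted store.

```python
import secrets

def luhn_ok(pan: str) -> bool:
    """Luhn checksum, so mistyped numbers are rejected before storage."""
    if not (pan.isdigit() and 13 <= len(pan) <= 19):
        return False
    digits = [int(d) for d in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

class TokenVault:
    """Provider-side store; the dicts replace an encrypted, access-controlled
    database (assumption for this sketch)."""

    def __init__(self):
        self._pan_by_token = {}
        self._tokens_by_alias = {}

    def enroll(self, alias: str, pan: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        token = "tok_" + secrets.token_hex(16)   # random, not derived from the PAN
        self._pan_by_token[token] = pan
        self._tokens_by_alias.setdefault(alias, []).append(token)
        return token

    def cards_for(self, alias: str) -> list:
        """What the merchant may see: tokens and masked numbers, never the PAN."""
        pans = self._pan_by_token
        return [(t, "*" * (len(pans[t]) - 4) + pans[t][-4:])
                for t in self._tokens_by_alias.get(alias, [])]

    def charge(self, token: str, amount_minor: int, authorize):
        """Detokenize inside the vault; only the acquirer call receives the PAN."""
        if token not in self._pan_by_token:
            raise KeyError("unknown token")
        return authorize(self._pan_by_token[token], amount_minor)

def fake_acquirer(pan: str, amount_minor: int) -> dict:
    """Constructed stand-in for the bank's authorization interface."""
    return {"approved": True, "last4": pan[-4:], "amount_minor": amount_minor}

def demo():
    vault = TokenVault()
    alias = "mobile:+905550000000"                  # constructed alias
    t1 = vault.enroll(alias, "4111111111111111")    # public test card numbers
    t2 = vault.enroll(alias, "5555555555554444")
    merchant_db = {alias: [t1, t2]}                 # all the merchant stores
    receipt = vault.charge(merchant_db[alias][1], 2500, fake_acquirer)
    return merchant_db, vault.cards_for(alias), receipt
```

A breach of merchant_db yields only random tokens, which are useless without the vault.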
PCI-DSS for Systems
Build and Maintain a Secure Network
Protect cardholder data
Maintain vulnerability management programs
Implement strong access control measures
Regularly Monitor and test networks
• Standards for software vendors
• Targets the security of card data, aligns with PCI-DSS
• Prevents storing highly sensitive data (such as CVV2 or PIN)
• Most of the companies that had their card data stolen did not know that they had this data.
• PA-DSS does apply to payment applications that are typically sold and installed “off the shelf” without much customization by software vendors.
• PA-DSS does NOT apply to payment applications offered by application or service providers only as a service
PCI Security Standards Validation Requirements
Level 1
Merchant criteria: Merchants processing more than six million Visa transactions annually via all channels or global merchants identified as level one by any Visa region.
Validation requirements:
• Annual Report on Compliance (ROC) to follow an on-site audit by either a Qualified Security Assessor or qualified internal security resource
• Quarterly network scan by Approved Scan Vendor (ASV)
Level 2
Merchant criteria: Merchants processing one million to six million Visa transactions annually via all channels.
Validation requirements:
• Annual Self-Assessment Questionnaire (SAQ)
• Quarterly network scan by ASV
Level 3
Merchant criteria: Merchants processing 20,000 to one million Visa e-commerce transactions annually.
Validation requirements:
• Use a service provider that has certified their PCI DSS compliance
OR
• Have certified their own PCI DSS compliance to the acquirer (who must, on request, be able to validate that compliance to Visa Europe) (SAQ)
Level 4
Merchant criteria (e-commerce merchants only): Merchants processing fewer than 20,000 Visa e-commerce transactions annually.
Validation requirements:
• Use a service provider that has certified their PCI DSS compliance
OR
• Have certified their own PCI DSS compliance to the acquirer (who must, on request, be able to validate that compliance to Visa Europe) (SAQ)
Merchant criteria (non e-commerce merchants): Merchants processing up to one million Visa transactions annually.
Validation requirements:
• Annual SAQ
PCI Merchant Self Assessment Questionnaire (SAQ)
SAQ A
Description: Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants.
Questions: 11
SAQ B
Description: Imprint-only merchants with no electronic cardholder data storage, or standalone, dial-out terminal merchants with no electronic cardholder data storage
Questions: 21
SAQ C-VT
Description: Merchants using only web-based virtual terminals, no electronic cardholder data storage
Questions: 21
SAQ C
Description: Merchants with payment application systems connected to the Internet, no electronic cardholder data storage
Questions: 38
SAQ D
Description: All other merchants not included in descriptions for SAQ types A through C above, and all service providers defined by a payment brand as eligible to complete an SAQ.