Trends in Merchant Payment Acceptance

Transcription

1 Trends in Merchant Payment Acceptance December 6, 2007 Credit approval required. Merchant accounts are issued through BB&T Bankcard Corporation, a Georgia Corporation, Member FDIC BB&T. All rights reserved. 1

2 Today s Speaker: Martin Currin Martin Currin has over 17 years of experience at BB&T in payment processing as both a Merchant Sales Consultant and Merchant Services Sales Manager. He has been in his current role for almost 10 years. As Sales Manager, he leads the Merchant Services sales force, which develops customized solutions for BB&T business clients wanting to accept cards for payment. Merchant Services has over 47,000 merchant clients and will process over $8.5 billion in transaction volume in Martin is a graduate of Elon University, in Elon, N.C. Martin and his family reside in Wilson, N.C. 2

3 Current Trends in Electronic Payment Processing Payment Card Industry Data Security Standards Interchange Payment Methods Contactless payments Internet payments Equipment Hardware Virtual Terminal Payment Gateways 3

4 Audience Polling In my personal experience, 1. One or more of my personal credit or debit card accounts has had fraudulent transactions due to a merchant card data breach 2. One or more of my personal credit or debit card accounts has been reissued because of a merchant card data breach 3. I have not experienced fraud or card reissuance due to a merchant card data breach 4

5 Current Trends in Electronic Payment Processing Payment Card Industry Data Security Standard The Payment Card Industry Data Security Standard is a result of collaboration between Visa and MasterCard to create common industry security requirements. The program was designed to protect cardholder data - wherever it resides. All card association member institutions (including BB&T) must be compliant and are responsible for ensuring the compliance of their merchants and service providers. The program applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e- commerce. To achieve compliance, all members, merchants, and service providers must adhere to the Payment Card Industry (PCI) Data Security Standard, which offers a single approach to safeguarding sensitive data. For additional information visit 5

6 Current Trends in Electronic Payment Processing Payment Card Industry Data Security Standard Merchants are required to: Build and maintain a secure network 1. Install and maintain a firewall configuration to protect data 2. Do not use vendor-supplied defaults for passwords and other security parameters Protect cardholder data 3. Protect stored cardholder data 4. Encrypt transmission of cardholder data and sensitive information across open public networks Maintain a vulnerability management program 5. Use and regularly update anti-virus software 6. Develop and maintain secure systems and applications Implement strong access control measures 7. Restrict access to data by business need-to-know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data Regularly monitor and test networks 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes Maintain an information security policy 12. Maintain a policy that addresses information security 6

7 Current Trends in Electronic Payment Processing Payment Card Industry Data Security Standard Who is required to comply and what are the compliance requirements? All merchants are required to be in compliance with the PCI Data Security Standard. Compliance requirements vary based on the following levels: Table provided by Visa and MasterCard *E-commerce also includes the use of any type of Internet Protocol (IP) (broadband, DSL, or Frame Relay connectivity). Even if you do not offer Web-based transactions, there are other services that make systems Internet accessible. Basic functions such as and employee Internet access will result in the Internet-accessibility of a company's network. These seemingly insignificant paths to and from the Internet can provide unprotected pathways into merchant and service provider systems if not properly controlled. 7

8 Current Trends in Electronic Payment Processing Payment Card Industry Data Security Standard TJX Corporation Announced data security breach in January 2007 Current information (11/5/2007) 94 million Visa and MasterCard cardholders' information exposed. 46 million affected customers. Visa estimates losses of $65 million to $83 million. Investigators confirmed that hackers used wireless equipment to invade TJX s unprotected database of payment information while driving by or parking near stores owned by the TJX company, including TJ Maxx and Marshall s. Visa recently fined TJX s merchant bank $880,000, which will likely be passed to TJX. MasterCard is yet to issue a fine. TJX claims to have spent $256 million on investigations, legal fees, and security enhancements. 8

9 Interchange Discount Rate Fee charged by the merchant bank to the merchant for services rendered in connection with processing card sales transactions Interchange Fee that the merchant bank must pay the card issuing bank to help offset the card issuer s cost of funds and processing costs including: statements, fraud losses, customer support. Primary component of the discount rate Set and governed by Visa and MasterCard, and are the same for all card-issuing and merchant acquiring institutions. Rates may change twice annually. Merchant acquirers generally quote a discount rate which is driven by how the merchant processes. It assumes that a number of processing requirements are met. If the requirements are not met, the transaction will qualify at another interchange level. This occurrence is referred to as a downgrade. 9

10 Interchange Minimizing Processing Costs Depending on your method of processing the following tips will assist you in qualifying at the best rate: Electronically authorize all transactions Swipe whenever possible Accept PIN-based debit Batch out daily Perform address verification service (AVS) for card not present transactions Make sure your business is in the correct merchant category code Capture Level II and Level III detail if you accept a significant number of commercial card transactions Ensure authorization and settlement amounts match For a more complete list by industry type, please visit the Merchant Services Reference Kit at 10

11 Interchange Case Study Using Address Verification Service / Invoice Consumer places telephone (non face-to-face) order for $100, pays by Visa. What are the merchant s fees for processing this transaction if the merchant: uses AVS / Invoice? Mail order telephone order transaction should qualify at CPS-card not present - credit. $100 x 2.25 = $2.25 does not use AVS / Invoice? Mail order telephone order transaction, no AVS / Invoice transaction will downgrade and qualify at Visa EIRF. $100 x non-qualified fee = $3.00 Non qualified fee - an additional fee charged by card brands to merchant acquirers when a transaction fails to meet set criteria. For this transaction, the merchant would save $.75 by utilizing AVS / Invoice. Assumptions: Discount rate 2.25% Non-qualified fee 75 basis points 11

12 Payment Methods Contactless Payments Contactless Payments are a payment feature that reduces check out time since the cardholder simply waves his/her payment card in front of a secure reader. If the transaction is under $25 a signature is not required. The cardholder retains control of the card during the transaction, which reduces the risk of fraud. If all criteria is met, transaction will qualify at card swiped rate. Uses radio frequency identification (RFID) technology MasterCard s PayPass, Visa s paywave, American Express ExpressPay, Discover s Contactless Benefits to the merchant include improved customer experience due to faster checkout process, increased customer loyalty by offering convenience at point of sale, reduced risk of fraud or employee misuse Great for high-volume, low-dollar merchants such as quick service restaurants, convenience stores, pharmacies Approximately 41,000 merchant locations accepting Contactless Payments including: McDonald s Arby s Walgreens CVS Pharmacy 12

13 Payment Methods Internet Payments Equipment Hardware Virtual Terminal Payment Gateways 13

14 Payment Methods Internet Payments How it works BB&T BB&T s Card Processor 14

15 Payment Methods Internet Payments Equipment Hardware Credit card terminals processing transactions via a high speed or broadband connection Ethernet enabled Reduces checkout time to 2-4 seconds via an always on connection Eliminates need for dedicated phone lines Great for multi-lane Offers dial backup Pay at the table Reduces fraud as card never leaves cardholder s hand Allows a restaurant merchant to accept PIN debit Wireless Allows merchants on the go to process card-present transactions 15

16 Payment Methods Internet Payments Equipment Hardware Case Study Dedicated phone lines no longer needed (3 years) 16

17 Payment Methods Internet Payments Virtual Terminal A virtual terminal allows you to process transactions without having to purchase a credit card terminal. Virtual terminals can be used by retail and mail/telephone order merchants in place of software or a credit card terminal. Turns any Internet-connected computer into a point-of-sale terminal. Virtual terminals are an easy-to-implement, easy-to-use, secure, and low-cost solution. Quick setup A browser-based, hosted solution is enabled by simply plugging in the swipe card reader to your computer no software is required. Risk Management Sensitive data is not stored on the merchant s computer but rather in a PCI-compliant data center. Secure The virtual terminal maintains a locked connection between card reader and browser, and alerts the merchant if there is an unauthorized attempt to connect to the reader. Fast checkout times Speed up checkout lines and improve customer satisfaction by authorizing credit card transactions in as little as three seconds. 17

18 Payment Methods Internet Payments Virtual Terminal Benefits to Businesses Convenience and flexibility Utilize any computer connected to the Internet to process a sale, perform administrative duties, and generate reports Peace of mind Simple to set up: Does not require integration or complex PC technical knowledge Multiple channels of support including phone, , and online chat offered 24x7 Secure payment processing No software to download or upkeep Increased revenue With improved operational efficiencies and faster authorization and checkout times Low startup costs No credit card terminal required 18

19 Payment Methods Internet Payments Virtual Terminal Client Profile Merchants who want to cards, but do not want to purchase credit card equipment. Examples: Startup businesses New acceptors Retailers that have a computer at their business and want to reduce items on their point-of-sale countertop Mail/telephone order merchants Mobile merchants Multi-lane Recurring billers Ideal for: Doctors offices Trade shows Health clubs Plumbers, service businesses Internet cafes Schools and universities Caterers 19

20 Payment Methods Internet Payments Payment Gateway A payment gateway allows a merchant to process online transactions from its website, turning the website into a point-of-sale terminal while giving increase the merchant s sales and providing the customer added convenience. Most gateways offer: Multiple integration methods depending on the merchant s web development resources. Compliance, as sensitive data is not stored on the merchant s computer but rather in a PCI-compliant data center. An online resource center that allows the merchant the ability to manage online transactions, create reports, and automatically settle securely. A dedicated integration team and support website readily available to assist with any merchant needs. Acceptance of: Credit and signature debit cards Visa, MasterCard, American Express, and Discover Electronic checks Allows customers to pay online with their checking or savings account Recurring billing files Allows customers to automatically be billed on a recurring basis 20

21 Payment Methods Internet Payments Payment Gateway Benefits to accepting payments online include: Increased sales Allow your customers to shop when they want to shop Attract customers out of your geographic market Customer convenience Give your customers the option to pay online An additional feature of most payment gateways is the ability to manually enter card information to process a transaction if a customer wants to initiate a phone order Ease of use Seamless integration from the merchant s website to the payment gateway Security Cardholder authentication programs help protect merchants from accepting fraudulent transactions Fraud detection allows the merchant to set filters for online transactions, such as minimum and maximum dollar amounts 21

22 Payment Methods Internet Payments Payment Gateway Risks to accepting payments online Phishing An attempt to criminally and fraudulently acquire sensitive information, such as user names, passwords, or credit card details, by masquerading as a trustworthy entity in an electronic communication. Protection Cardholder data is stored in a secured and compliant data center, never on your computer. The cardholder data entered in the transaction is submitted through a secure gateway with multiple firewalls and blockers. Identity Theft When the means of identification has been exploited for an unlawful purpose. Protection Payment Gateways include cardholder authentication services that will verify the address and card code submitted to the actual cardholder information through a national search. 22

23 Payment Methods Internet Payments Payment Gateway Client Profile Merchants who want the ability to take online payments and develop a web presence Retail merchants who also have a website Trade show merchants wanting to increase residual sales Merchants that process recurring transactions 23

24 Audience Polling My company 1. Has a website that accepts payments online 2. Has a website, but does not accept payments online 3. Does not have a website 24

25 Thank You for Participating Today! Contact Information Please call to be connected to a BB&T Merchant Sales Consultant in your area. Or visit our website at Evaluation Your feedback is very important to us! 25