INTERNET PAYMENT GATEWAY GUIDELINES



Similar documents
Merchant Payment Solutions

Merchant Integration Guide

OnSite 7.0 Setting Up A Merchant Account

Merchant Payment Solutions

ANZ Secure Gateway Virtual Terminal QUICK REFERENCE GUIDE NOVEMBER 2015

The DirectOne E-Commerce System

Merchant Account Reports

The Wells Fargo Payment Gateway Business Center. User Guide

Table of Contents. Revision

Attachment A. Forms. Request for Proposal Number 4724Z1

Enabling Secure Payment Processing On Your Site. A guide to accepting and managing online payments for e-commerce

Setting Up a CyberSource Web Payment Account

MARYLAND STATE TREASURER S OFFICE Louis L. Goldstein Treasury Building 80 Calvert Street, Room 109 Annapolis, Maryland 21401

LIVE CHAT CLOUD SECURITY Everything you need to know about live chat and communicating with your customers securely

Product Brief. Intacct Financials & Accounting. Intacct General Ledger

ADDENDUM NUMBER TWO RE: RFP : ELECTRONIC PAYMENT PROCESSING AND OTHER COMMERCE SERVICES

Adobe Digital Publishing Security FAQ

a CyberSource solution Merchant Payment Solutions

Merchant Integration Guide

a CyberSource solution Merchant Payment Solutions

uturenet & its Document Imaging Services

IT TECHNICAL SECURITY REVIEW CHECKLISTS FOR E-COMMERCE WEBSITES

Credit Card Overview & Processing Guide entrée Version 3

Security Best Practices

Realex Payments Integration Guide - Ecommerce Remote Integration. Version: v1.1

Online Payment Processing What You Need to Know. PayPal Business Guide

CyberSource Business Center

CyberSource and NetSuite Getting Started Guide

NAPBS Background Verification Request for Proposal Guide

Your gateway to card acceptance.

Enterprise SSL FEATURES & BENEFITS

Cello How-To Guide. Cello Billing

BUSINESS GUIDE. Online Payment Processing. What You Need to Know

Introduction and Background

Public Versus Private Cloud Services

Product. Corillian Business Online Corporate Treasury Management Solution on the Industry s Best Online Banking Platform

Town of Fairview, Texas Request for Proposal Merchant Card Services

Merchant Payment Solutions

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status

CBIO Security White Paper

For a full comparison of Magento Enterprise and Magento Community, visit Magento Feature List

UCSB Credit Card Processing and PCI Compliance

Fax Cover Sheet and Application Checklist Attention: Craig Storms Company: Authorize.Net

Application Performance Monitoring/Management (APM) Request for Information (RFI) CH

Active Directory & Consolidation Project. Category: Enterprise IT Management Initiatives. State of Missouri

Shared Accounting Module Trading Partner Integration Guide

Corporate Bill Analyzer

Policies and Procedures. Merchant Card Services Office of Treasury Operations

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No MERCHANT DEBIT AND CREDIT CARD RECEIPTS

Answers for Merchant Service RFP Questions

Authorize.net modules for oscommerce Online Merchant.

ProjectManager.com Security White Paper

For a full comparison of Magento Enterprise and Magento Community, visit Magento Feature List

City of Prineville Request for Proposal (RFP) RFP # For Banking Services

Swedbank Payment Portal Implementation Overview

PAYMENT GATEWAY AND OPTIONAL MERCHANT ACCOUNT SETUP FORM

New Customer Workbook

A: This will depend on a number of factors. Things to consider and discuss with a member of our ANZ Merchant Services team are:

CRM4M Accounting Set Up and Miscellaneous Accounting Guide Rev. 10/17/2008 rb

RFP#15-20 EXHIBIT E MERCHANT SERVICES INFORMATION SHEET

Yahoo! Merchant Solutions. Order Processing Guide

3. Will we be able to submit both CPF Payment Advice(s) and IRAS submissions one PAT Is integrated with my payroll software?

5 STEPS TO LOWER YOUR PAYMENT PROCESSING FEES

VoipNow Automation Integrated Payment Plug-ins. For more information about VoipNow Automation, check: Copyright PSA.

INTRODUCTION. What is a Merchant Account? Myth Buster!

Business and enterprise cloud sync, backup and sharing solutions

Reseller Interface. Reference Guide

Introducing MachPanel v.5

Guidelines for Claims Management System Selection

Site Management Abandoned Shopping Cart Report Best Viewed Products Report Control multiple websites and stores from one

First Data Global Gateway Connect User Manual. Version 1.3

Creating and Managing Custom Payment Processors in Blackbaud

Migrate from Exchange Public Folders to Business Productivity Online Standard Suite

MAGENTO - SETUP PAYMENT PLANS

RSA Authentication Manager 7.1 to 8.1 Migration Guide: Upgrading RSA SecurID Appliance 3.0 On Existing Hardware

University at Buffalo Learning Management and Performance Management System Request for Information # 14CBW0036

Canopy Wireless Broadband Platform

How To Use Nest For An Employer

Introducing MachPanel v.5

WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery

Volume PLANETAUTHORIZE PAYMENT GATEWAY. vtiger CRM Payment Module. User Guide

Exhibit A to RFP-SG STATEMENT OF WORK (SOW) Banking Services

echeck.net Operating Procedures and User Guide

Virtual Terminal & Online Portal

Electronic Transaction Market Industry Whitepaper. Systech Corporation Internet Payment Gateways

Elavon Payment Gateway Integration Guide- Remote

VERIFONE PAYWARE SOLUTIONS

Transcription:

INTERNET PAYMENT GATEWAY GUIDELINES FOR PAYMENT PROCESSING MODEL AND VENDOR SELECTION The purpose of this document is to assist University of California campuses and departments in selecting an internet payment gateway provider for internet commerce applications. The recommendations in this document are the result of a system-wide initiative undertaken by the Banking Services Group (BSG) during Fiscal year 2001/2002. They are based on services, pricing and agreements negotiated by BSG on behalf of the entire UC community. Although use of these vendors by any campus or department is not mandatory, use of these services and agreements are strongly recommended. Due to the substantial benefits in pricing and negotiating power we were able to achieve with a system-wide relationship with these vendors, and considering that the agreements will already be in place, use of them should prove beneficial to all involved. Any services used by any UC organization falling outside of these systemwide arrangements, whether they exist prior to or subsequent to the establishment of these system-wide agreements, should be reported and justified to the Banking Services Group (see Contact Information below). Background BSG initiated the project to find a system-wide provider of Internet Payment Gateway (IPG) services in July 2001. All campuses were invited to participate in the following ways: Submitting their requirements for an Internet Payment Gateway Attending meetings to discuss the project Submitting comments on the Request for Proposal (RFP), the vendor list, and the evaluation process Scoring the written proposals submitted Scoring the presentations made by the Finalists The RFP, issued November 1, 2001, incorporated consolidated requirements for all campuses that submitted them. Two different types of solutions were requested: (1) Outsourced model, utilizing a hosted transaction gateway/asp pricing model; (2) In-House model, assuming a software purchase run on our own servers While most campuses did not, at the time, feel that an In-House solution was feasible for them, the possibility of UCOP hosting an In-House solution that could be utilized by other campuses was presented as an option. This essentially would allow campuses to

Guidelines for IPG Processing Model Page 2 of 12 operate in an Outsourced mode, while gaining the benefits available with an In-House solution. The RFP was sent to 17 vendors and was posted to a public website hosted by UCOP. 11 proposals were received, including four that were unsolicited. Eight campuses (including UCOP) submitted scores on the proposals. Each campus score had equal weight. Based on the scores submitted, using the cost per quality point method for evaluation (which UC is required to use for procurement of these services) three Finalists were named - two providing both In-House and Outsourced solutions and one providing just an Outsourced solution. The finalists gave business and technical presentations to a system-wide audience. Eight campuses submitted scores for the presentation phase. Based on the combined scores from the written proposals and the presentations, as well as reference checks and further financial analysis made by BSG, the following vendors were awarded the Internet Payment Gateway UC System-wide business: Outsourced Transaction Gateway Cybersource Authorize.net In-House Software Purchase Cybersource Outsourced versus In-house Solutions Because of the very diverse needs within the University of California system, we anticipate that there is no single solution that can meet each and every need that exists within the system. Campuses with very decentralized IT and financial management may find it impractical to purchase and support an in-house payment gateway. Campuses with the right infrastructure and organizational alignment may choose to make the up-front investment for an in-house solution, benefiting from the increased control of their data and processes. A third option is also possible, where UCOP hosts a payment gateway (i.e. a software installation) that can be accessed by other campuses or departments. This would allow the campuses to operate in an outsourced model, yet provide the benefits of an in-house solution (e.g. control over data, more flexible reporting, increased business flexibility). To assist in this important decision, we ve put together the following comparison chart:

Guidelines for IPG Processing Model Page 3 of 12 Factor Outsource In-House Cost Deployment Timeframe Ongoing Support Reporting & Integration with Existing Systems Business Flexibility Lower start-up cost. Does not generally require investment in hardware or software. Pay per transaction. Typical implementation timeframe is measured in days Minimal maintenance required in-house. Rely on vendor for support. Reporting is limited to what is provided by the vendor. No direct access to transaction data. Limited availability of data fields that can be used for userdefined data. Vendors generally provide one or two, 50 55 character fields to store this type of data in their data base. Can direct transactions to different processors and merchant banks, since each merchant is set up independently. Settlement process and timing is dictated by vendor. Limited to one settlement per day. No ability to initiate settlement process manually. Bank debit transactions must go through vendor s partner and bank relationships. Requires up-front investment in hardware, software and telecommunications. Generally becomes cost effective with high volume of transactions, however the breakeven point must be calculated based on specific project costs. Typical implementation timeframe is 1-3 months Requires ongoing maintenance and support in-house, along with vendor support via Software Maintenance Agreement. Transaction data resides inhouse. Maximum flexibility for reporting. More flexibility to store userdefined fields. Connections to the processor(s) must be built, making it costly to support multiple processor relationships. Flexibility over settlement timing. Merchants can choose from five different settlement options (time, periodic, dollars, batch size, manual). Bank debit transactions can utilize UC s existing bank relationships.

Guidelines for IPG Processing Model Page 4 of 12 Factor Outsource In-House Business Flexibility (cont d) Data Security Cannot consolidate card-present transactions into data base, at least initially. When the functionality becomes available, those transactions would be assessed a transaction fee. Credit card numbers and other sensitive data stored by vendor. Access determined by vendor s security procedures. Can consolidate card-present transactions into the data base without additional transaction cost. Credit card numbers and other sensitive data stored on site. UC is responsible for securing the data and controlling access to it.

Guidelines for IPG Processing Model Page 5 of 12 Vendor Summaries While selecting two outsourcing vendors was not the initial intent of the process, offering both, we believe, is the best way to meet the very diverse needs of the UC system. The vendor proposals and presentations are posted on the password protected web site listed below. Contact BSG (see Contact information below) for access. https://projectpoint.buzzsaw.com/client/ucopmaterielmanagement Authorize.net Summary Authorize.net is a wholly owned subsidiary of InfoSpace. They clearly won the UC business based on their extremely low price. Though they scored consistently lower in all Requirements categories, they ended up with the top score on a cost per quality point basis. While we do not recommend this vendor for enterprise-level applications, we feel that the value proposition they provide will meet many standalone or department-level needs within the UC system. Their average daily transaction volume is 133,300. There are no start-up costs to use this service. Implementation is generally accomplished using documentation and FAQ s available on Authorize.net s web site, with customer/technical support via telephone and e-mail. Transaction cost is $0.03 (total cost for authorization and settlement) along with a $10 per month charge per merchant. They do offer the ability to initiate bank debits as well as credit card payments, however until BSG has approved the bank relationships used in the process, that functionality cannot be utilized. The functionality of the system, reporting and technical infrastructure are basic, but do meet our minimum standards. Because the system has limited capability to view Merchant activity on a consolidated basis, and is not designed to offer hierarchical relationships (i.e. limited ability to view and control individual merchant activity at a campus-wide level), the best fit for this service would be simple, standalone, low-budget applications. Authorize.net does not offer an in-house solution, so if migration to an in-house solution (either hosted on campus or by UCOP), is being considered, a factor to keep in mind is that starting with Authorize.net would require redesign of the system interface at the time of migration.

Guidelines for IPG Processing Model Page 6 of 12 Cybersource Summary Cybersource is viewed as an industry leader in risk management and electronic payment technology for electronic payment processing. Its infrastructure is designed to ensure reliability, scalability, availability, security, and fraud protection for very large merchants, counting many Fortune 1000 companies among their customers. Their customer service and general corporate organization are also designed to support these types of clients (as opposed to servicing Mom and Pop - type merchants). Their average daily transaction volume is 500,000-2,000,000. Start-up cost for Transaction Services (outsourced mode) range from $100 - $746, depending on the hierarchical structure of the internet merchant accounts on the campus. Optional implementation support is offered, ranging in price from $3,371 - $7,496 with UC discounts applied. Without an implementation package, implementation support is offered via their Online Customer Support Center and e-mail. Transaction costs depend on UC s overall consolidated volume, ranging from $0.085 - $0.136 (total cost for authorization and settlement). Transactions may be subject to a minimum monthly charge. In addition to outsourced transaction gateway service, Cybersource also has an in-house software solution. They have a unified API which allows relatively easy migration from one mode to the other. We recommend this vendor for any enterprise level application, if a merchant needs to utilize Cybersource s robust offering of value-added services, or if a campus is planning to migrate from an outsourced to an in-house solution. While Cybersource offers the ability to initiate bank debits, until BSG has evaluated the bank relationships involved in the process that service cannot be utilized.

Guidelines for IPG Processing Model Page 7 of 12 Authorize.net versus Cybersource Comparison To assist in deciding between Outsourcing Vendors, we have prepared the following side by side comparison. Category Authorize.Net Cybersource General Characteristics of Service and Vendor Value-added Services Simple and basic provider for department-level applications. Product designed primarily for standalone merchants with limited need for roll-up of transactions and information (i.e. system is not designed for hierarchical merchant relationships). Only provides outsourced solution. Significant portion of merchant growth is through Reseller relationships. For additional cost, can utilize third party services for fraud screening and customer authentication services. Other merchant-defined filters available. Consulting services available through their Solutions Group on a per hour basis. Quotes are based on service needed. Robust infrastructure and technology ensures full scalability, reliability and service for complex, enterprise-level customers. Numerous valueadded services add to product functionality and customer service options. Was also awarded in-house IPG business. Uses unified API which allows, from a merchant s perspective, relatively easy migration from outsourced to in-house solution. Maintains strategic relationships with major credit card associations and processors. Offers consulting services. For additional cost, can utilize services for risk/fraud detection, tax calculation, distribution control, fulfillment management, gift certificate/promotional services. Merchants can flag credit card numbers to block future transactions. Consulting services available through their Professional Services Group. Quotes are based on service needed.

Guidelines for IPG Processing Model Page 8 of 12 Category Authorize.Net Cybersource Relevant Credit Card Processor Certification First Data Corp Nashville Vital Note: Most current UC merchants operate on the FDC North Platform. Our internet merchant authorization transactions would go through Nashville, with settlement transactions bridged to the North platform by FDC. First Data Corp Nashville First Data Corp South Vital Note: Most current UC merchants operate on the FDC North Platform. Our internet merchant authorization transactions would go through Nashville, with settlement transactions bridged to the North platform by FDC. Start-up Cost $0 $100 - $746 per merchant, depending on merchant account hierarchy in place at a campus. Transaction Cost New Merchant Start-up Process Batch Size Limitation $0.03 (total cost for authorization and settlement) $10 per month per merchant No monthly minimum Once a campus gets set up, merchants can be added by a campus administrator on-line in a matter of minutes. None Optional implementation support packages available for $3.4K - $7.5K, depending on the package selected. 1 $0.085 - $0.136 (total cost for authorization and settlement), depending on consolidated UC transaction volume. 2 Monthly minimum fees may apply, depending on how merchant accounts are structured. 2 Once a campus is set-up, merchants can be added by sending request form to Cybersource, with set-up complete in 1 day None 1 Descriptions of the Implementation Options are available from the Banking Services Group (contacts at the end of this document) or your campus Credit Card Coordinator 2 Due to the confidentiality of pricing, pricing specifics can be obtained by from the Banking Services group (contacts at the end of this document) or your campus Credit Card Coordinator.

Guidelines for IPG Processing Model Page 9 of 12 Category Authorize.Net Cybersource Batch Settlement Timing and Notification Business Functionality Data Access Access to Credit Card Numbers Reporting Once per day, time can be specified by the merchant E-mail notice sent upon batch settlement Ability to process card-present transactions due Q3/02 (only from PC-based terminals) On-line access for 24 rolling months. Offline available for seven years. Two user-defined fields available in data base, each 55 characters long. Other fields not stored in the data base can be sent with the transaction data and is re-associated with the transaction result returned back to the campus. Full credit card numbers stored and retrievable in data base. Can be masked by user ID. Only one hierarchy level available, reporting only summary information (using Reseller reporting tools). Detail level information is only available at the merchant level, using merchant-specific log-in. No customizable reports. Data can be downloaded in tabdelimited format. Once per day, around midnight (after our current processor s cut-off time) No e-mail notification of settlement No plans for card-present consolidation disclosed On-line access for six rolling months. No offline availability. One user-defined field stored in data base, 50 characters. Full credit card numbers not retrievable from data base for security reasons If Enterprise Support package is purchased, super-merchant signon is available, allowing those users the ability to view and consolidate transactions in subordinate merchant accounts. Transaction analysis tools available. 3 No customizable reports. Reports can be downloaded in XML or CSV formats. 3 For a description of the Enterprise Support Package, contact the Banking Services Group (contacts at the end of this document) or your campus Credit Card Coordinator

Guidelines for IPG Processing Model Page 10 of 12 Category Authorize.Net Cybersource Reporting (cont d) Gateway Interface Options System Reliability System Redundancy An unlimited amount of data can be sent to the gateway along with the transaction data that is used for the payment. Authorize.net will keep this data temporarily and re-associate it with the authorization response, and return all the data back to the merchant. HTTPS form post SSL socket C/C++ Perl Java COM objects 99.2% availability in 2001 99.95% availability in 2001 System problems communicated via merchant web-site in general; under certain circumstance e- mails are sent. Details not disclosed Significant system problems communicated via e-mail. With Enterprise Support, will also receive phone call. 3 Robust and well-documented infrastructure for data, connection, and server redundancy Data Security Utilizes RSA 128 bit encryption Utilizes RSA 1024 private/public key encryption Disaster Recover Plan Billing Service Support DRP will be presented to Board of Directors 5/02, with target implementation by year-end 2002. Billing statements available electronically, via e-mail, or on paper. Billed by merchant, or rolled up to a consolidated bill per campus. Telephone and e-mail support: 6:00am 11pm PT, 7 X 365 24 X 7 Operations Support available Well designed DRP (could not be shared). Warm back-up site outside of CA planned for Q2/02. Electronic and paper billing statements available. Can bill by merchant, campus, or systemwide. Telephone and e-mail support: 7:00am 7:00pm PT, M F 24 X 7 Operations Support available 3 For a description of the Enterprise Support Package, contact the Banking Services Group (contacts at the end of this document) or your campus Credit Card Coordinator

Guidelines for IPG Processing Model Page 11 of 12 Category Authorize.Net Cybersource Service Support (cont d) One level of Service offered, but UC will have a Relationship Manager available for escalation of issues. Basic Service includes telephone and e-mail support and access to Support Center. Premium Service (Enterprise Support) includes assigned Technical Support Manager, priority response and escalation of issues, and administrative and analytical tools not otherwise available. 3 Average call hold time: 2 5 minutes. Recent performance indicates hold times of under 2 minutes. Current customer satisfaction rating: 5.4 out of 6.0 scale 80% of calls answered within 10 seconds. Telephone Support: Basic: 4-hour response commitment, handled out of general service pool. Enterprise: Direct call to dedicated Technical Account Manager, 1-hour response guaranteed. 3 Call Abandon rate: 16% Call Abandon rate: 3% 24 hour turnaround for e-mails Basic: 4 hour turnaround for e- mails Enterprise: 1 hour turnaround for e-mails 3 3 For a description of the Enterprise Support Package, contact the Banking Services Group (contacts at the end of this document) or your campus Credit Card Coordinator

Guidelines for IPG Processing Model Page 12 of 12 Category Authorize.Net Cybersource Service Support (cont d) Training documentation on their web site. Training and implementation support available via online support center and e-mail. One day onsite training available for $3746. Optional implementation packages available for $3371-7496. Includes orientation, planning assistance, technical support manager, and telephone support 1 1 Descriptions of the Implementation Options are available from the Banking Services Group (contacts at the end of this document) or your campus Credit Card Coordinator Service Initiation Until further notice, new service under any of the Agreements discussed in this document should be coordinated through the Banking Services Group. Contact Information This document, and future updated versions of it, will be posted on the Office of the Treasurer website at www.ucop.edu/treasurer, under Banking Services. For questions or comments, or to report internet payment gateway relationships outside of these preferred providers, please contact the Banking Services Group:, Senior Manager Stephanie.dang@ucop.edu 510-987-9652 Jerry Frantz, Assistant Director Jerome.frantz@ucop.edu 510-987-9637 Jeffrey Donahue, Senior Treasury Analyst Jeffrey.Donahue@ucop.edu 510-987-9640

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information