Maryland Government Finance Officers Association October 25, 2013 1
Payment Methods Receiving Payments Making Payments New Developments 2
Paper Plastic Bank Account Cyber Cash Digital Currency Cash Check Money Order Travelers Checks Debit Cards Credit Cards Stored Value Cards Online Bill Payment Bank Account Payments (ACH debits) Pay Pal, Google Wallet, Dwolla, et al BitCoin, BitMint 3
The average consumer held 5 of the nine payment instruments and used 3.8 of those in a typical month Movement is from paper to plastic and electronics 93.6% of consumers have at least one bank account 30% of consumers had a nonbank payment account (Pay Pal, Google Wallet, etc.) 80% of domestic consumer spending in 2011 was done without cash 4
Payment Card Industry (PCI) Data Security Standard Level 1 - Merchants processing 6 million or more transactions per year. Level 2 Merchants processing 1M to 6M Visa transactions per year. Level 3 - Merchants processing 20,000 to 1M e-commerce transactions per year. Level 4 - Merchants processing fewer than 20,000 e- commerce transactions per year, and all other merchants processing up to 1M transactions per year. 6
Reputational risk is worst case scenario for government entities where taxpayers are already sensitive about their privacy Many services charge a monthly fee for non compliance Fines for data breaches are substantial www.pcisecuritystandards.org 7
Common challenge areas and drivers for change included: Lack of education and awareness Weak passwords, authentication Third-party security challenges Slow self-detection, malware 8
New guidelines version 3.0 of the PCI Data Security Standard (PCI DSS) to be released November 7 To be implemented by January 1, 2014 More emphasis on shared responsibility between acquirers and merchants who handle card transactions Protection of credit card terminals from physical tampering Compiling an inventory of system components, including servers. 9
10
Can reduce the scope of PCI compliance requirements Cardholder Data Environment (CDE) is any system that stores, processes or transmits cardholder data and is within the scope of PCIDDS To be considered outside the CDE, must show that a breach of the system would not breach the CDE and cardholder data 11
P2PE solutions need to comply with PCI Hardware Standards Cryptographic keys are secured inside the hardware terminal and terminal does not output clear text cardholder data Third party owns and manages security configuration, barring merchant access to keys Reduces the CDE to only the terminal itself 12
Rather than the magnetic stripe, these cards contain an embedded microchip that is authenticated using a PIN. To make a purchase, the card is placed into a PIN pad terminal which accesses the card s microchip and verifies its authenticity using algorithmic codes. The cardholder validates their identity by entering the PIN. 14
Chip &PIN authenticates by inserting the card in the POS device and entering PIN Chip & Signature authenticates by signature rather than PIN Near Field Communication (NFC) requires chip to be installed in phone No CVM (cardholder verification method) for small purchases 15
Introduced in 1996, 22 countries, including China, India, Japan, Mexico, Canada and many in Western Europe and Latin America have migrated to EMV, encrypted microprocessor chip and PIN technology for credit and debit payments. Also referred to as the EMV (Europay- MasterCard-Visa) Chip-and-PIN card 40% of cards and 71% of payment terminals worldwide support EMV standards More than 1 billion EMV cards used at over 15.4 million EMV terminals throughout 80 countries 16
Once EMV cards and readers were introduced in the UK, overall credit card fraud dropped 32.5% between 2004-2011, with a 72.5% reduction in fraud from lost or stolen cards Most US merchants are not able to process the EMV cards presented by international travelers and must rely on cash sales for these customers. In 2012, only 1 million of Visa s 230 million US-issued cards were chip enabled 17
In 2001, it was estimated that it would cost $13.4 billion to convert the point of sale infrastructure in the US to accept these smart cards, and that 74% of the cost would have to be borne by the merchants. At that point, credit card fraud was only a $1 billion problem. Current estimate to implement is $12.7 billion Current credit card fraud is estimated at $8.6 billion PCI Compliance costs are substantial 18
An expensive solution to a small problem, says Sinclair Oil Corporation 80% of current transactions are PIN based, debit card purchases Cost per gas station to install EMV terminals? $20,000 per station $40 million for the company Wendy s says its actual fraud rate is so small it s hardly worth mentioning. It processes 300,000 card transactions day. 19
Master Card, Visa, American Express and Discover have issued an October 2015 deadline for POS terminals that can process EMV cards After that deadline, merchants not implementing EMV technology will absorb fraud losses Deadline extended to October 2017 for gas stations 20
21
EMV does not address the card not present transaction Some merchants may elect to absorb the cost of fraud losses rather than retrofit its terminal equipment Technology whose time has come and gone Mobile wallets Virtual cards are replacing plastic Digital cash 22
Participant Eligibility Elementary and secondary schools Colleges, universities, professional schools Local, state and federal courts Government entities Convenience fee can be: Flat fee per transaction Variable/tiered rate based on amount owed Fixed percentage of amount owed Different for debit and credit cards (cannot be assessed on PIN based debit cards) Must be the same fee structure for all credit card brands 24
Place and method of payment not restricted Whether in person, on the Internet, by phone, mail or at a kiosk Processing Requirements Notification of fee at the time of the transaction Customer service number must be transmitted to acquirer for the payment and the fee May not be advertised as an offset to the merchant discount rate Recommended, but not required, that the fee be charged as a separate and unique transaction 25
Mobile Payment Services accepting credit cards via cell phone or ipad Square ended 2012 with $10 billion in processing for 40,000 merchants Square s new pricing offers a flat $275/month fee with no swipe fee or no monthly fee and 2.75% swipe fee Three popular providers: Square Reader (2010) PayPal Here Reader (2012) Intuit Go Payment (2012) 27
Ability to capture account number information and create an electronic file to upload to receivable database ( mini inhouse lockbox ) Many banks now offer customers the ability to deposit checks using their Smartphone camera to capture an image of the front and back of the check. Remote Deposit Capture Duplicate Deposits Cross bank duplicate detection system is available and used by many big banks An increasing number of banks are applying availability schedules to all check deposits Holder in Due Course-check cashing organizations Secure scanned checks and shred timely! 29
Integrated Receivables services process checks, credit cards and electronic payments Data exchange of receivables file for lockbox provider to research account numbers and apply payments, reducing exception work MICR line and account number identification database to identify payments by MICR Service level agreements management is best practice 30
Fed Wire Extended Remittance Information (ERI) Originators of wire transfers can now include up to 9,000 characters of extended remittance information Identifying what the wire is intended to pay will be significantly easier Single Euro Payments Area (SEPA) Payment-integration of the European Union for bank transfers denominated in euros. SEPA consists of the 28 EU member states, Iceland, Liechtenstein, Norway and Switzerland and Monaco. Improve the efficiency of cross-border payments and turn the fragmented national markets for euro payments into a single domestic one, similar to our ACH network Transaction costs for SEPA payments are significantly less than wire transfers 32
On-line purchases using your on-line banking service Limited acceptance at PNC Bank, The Bank of Maine, US Bank Secure Vault Payments accepted at: Columbus State University, Columbus (GA) Water Works, University of Georgia, University of Wisconsin Stout, Wicked Whoopies 33
A Universal Payment Identification Code (UPIC) is a unique account identifier that looks and acts just like a real account number on ACH transactions Bank Agnostic 34
Secure and accurate vault deposit system for cash-intensive businesses Tracks, stores and balances multiple cash sales Immediate credit Fee structure includes Purchase or lease of vault Provider fees for pickup and maintenance Bank related fees (per deposit, per volume) Weigh costs against daily armored pick up, immediate credit, improved internal controls 36
Reduction of coin collection and its related problems Register cell phone number, license plate and a credit card To use, call a toll free number, enter the location number of the meter and the number of minutes you wish to park You even get a text message when you meter time is running out! 45 transaction fee in DC; 35 in Montgomery County Use the Parkmobile mobile app or mobile website to enter in the location number listed on the sign. (reduced transaction fee of 30 37
38
Integrate with existing AP systems and workflows with bank via electronic data transfer of payment details, including payment method (check, purchasing card, ACH, Wire) Eliminates the risks associated with maintaining check stock Eliminates the need to transmit positive payee and account reconciliation data Many banks will assist in encouraging vendors to accept ACH and purchase card payments, reducing costs related to issuing checks (bank reconciliation, unclaimed property, reissuance of lost/stolen checks) Two models for purchasing card transactions Virtual Cards Buyer Initiated Payments BIP 40
41
Two models for purchasing card transactions Virtual Cards Buyer Initiated Payments BIP Virtual Cards Payment Instructions transmitted to bank Card number and dollar limits assigned to the vendor and securely remitted to vendor s email Vendor places charge against card number Buyer Initiated Payments Payment Instructions transmitted to bank Bank initiates transaction into the card payment network Payment directly credited to Vendor s bank account as a credit card receipt Payment confirmation delivered to Vendor 42
New York Attorney General is inquiring about payroll card programs Consumer Financial Protection Bureau (CFPB) said employers can t mandate wages via payroll cards, but can offer option of Direct Deposit Class action lawsuit brought against a Pennsylvania McDonald s Largest complaint is the fees employees pay; un-banked employees pay between 2.4-3% in check cashing fees. Many payroll card programs do not cost employees for basic services 44
Short-range wireless communication Wave device at terminal to pay Merchants can upload coupons and promotional data and send text alerts of sales Driven by financial institutions to increase use of their credit cards 46
Able to handle multiple payment forms, various credit cards Primarily used for small-value payments; driven by financial institutions to increase use of their credit cards Smartphones must have NFC chip. Many smartphones, including Apple do not have NFC chips 47
Battery drain issues and interference from mobile cases used to protect phone Requires expensive POS terminal modification Security questions - 64% in a recent survey said they don t think mobile payments are secure 50 % of Smartphone users have not heard of mobile payments, and of the ones who had, only 8% said they are familiar with the technology Many smartphones, including Apple do not have NFC chips 50
Clinkle offers high frequency sound waves to transmit data PayPal and Apple are using wireless signals via Bluetooth Low-Energy technology Cashtie Cloud Match Service replaces NFC hardware and software to accept mobile payments 51
52
Informational Account balances Transaction details Alerts Managerial Wires approvals ACH approvals Positive pay decisions Account transfers Source :Wells Fargo competitive analysis; data based on primary research using demos, press releases, third-party reviews 53
Source :Wells Fargo competitive analysis; data based on primary research using demos, press releases, third-party reviews 54
55
Person to person payment technology still not widely used in the US In May 2013, Google integrated its Google Wallet with Gmail for emailing person to person payments Users must have a Google Wallet linked with a bank account for free transfers A flat 2.9% transaction fee for payments made from debit or credit card Receiving money is always free Barclays offers Pingit money sending service for smartphones Download app Ability to transfer money to anyone with a UK bank account
Merchants can accept; also enables person to person payments Dwolla accounts are free for consumers and merchants (Dwolla goes through the usual Know Your Customer procedures) Paying with Dwolla is like paying with cash or a check online Transactions under $10 are free; all others are 25 59
Magic Bands Walt Disney is testing a rubber bracelet that is tied to a credit card The bracelet can be waved in front of a credit card processing terminal to pay for items at Disney Parks The bracelets can also serve as hotel room keys Google Glass The Google Glass headset computer is still in development, but some advance releases are available for a premium MasterCard is actively developing applications that allow consumers to make payments at credit card processing stations Samsung s Galaxy Gear smartwatch MasterCard is also examining potential credit card payments applications 60
BitCoin (BTC) is the world s first completely decentralized digital currency The value of a BTC has grown and fluctuated greatly, from pennies in its early days to more than $260 at its peak in April 2013 Under close scrutiny by law enforcement for potential money laundering FinCEN maintains that Bitcoin exchanges operating in the U.S. must be registered as money transmitters. 61
62
????????????? CJVolk Associates, Inc. Treasury and Cash Management Consulting Claudia Volk, CTP, AAP, CPA Principal 1300 South Washington Street Falls Church, VA 22046 T 703 405-4404 F 703 940-2510 claudia.volk@cjvolk.com????