Simple & Secure Integrated Payment Processing from Element and Transformations Presented by: Chris Engelhardt Date: August 13 th, 2014
Questions We Will Cover How do you process your payments? Does your business store card holder data / CHD (credit card numbers)? Is Payment reconciliation a problem because of multiple or nonintegrated solutions? Are you familiar with PCI Compliance /Are you PCI Compliant? Do you want a safer way to store card numbers and to have it automatically updated whenever the card expires or is reissued? Do you process ACH payments? Does your current processor provide online reporting tools?
PCI Compliance I know what it is, but I won t get breached.
Payment Card Industry - State of Awareness 71% of merchants store unencrypted payment card data on their business network. 11% of merchants store magnetic stripe track data. 73% of businesses store an average of 114,611 cards per machine. 89% of organizations suffering a payment card breach had not been validated as compliant with the PCI DSS at the time of the breach. 50% of breaches have come from viruses, malware, worms, and trojans. Sources: 2012 Security Metrics Payment Card Threat Report 2013 Verizon Data Breach Investigations Report
PCI Overview - Why is PCI so Important? The Shocking Truth $5 million Average total organizational cost of a data breach Average Breach Cost $194+/ Record 81% Not PCI compliant 45% Companies Breached Filed Bankruptcy 87% of breaches are avoidable using compliant solutions
PCI Overview - Digital Dozen PCI = Payment Card Industry (Store, Process or Transmit Cardholder Data) PCI DSS = PCI Data Security Standard Build & Maintain a Secure Network 1. Install and maintain a firewall configuration to protect cardholder data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters. Protect Cardholder Data Maintain a Vulnerability Management Program Implement Strong Access Control Measures Regularly Monitor & Test Networks Maintain an Information Security Policy 3. Protect stored cardholder data. 4. Encrypt transmission of cardholder data across open, public networks. 5. Use and regularly update anti-virus software or programs. 6. Develop and maintain secure systems and applications. 7. Restrict access to cardholder data by business need-to-know. 8. Assign a unique ID to each person with computer access. 9. Restrict physical access to cardholder data. 10. Track and monitor all access to network resources and cardholder data. 11. Regularly test security systems and processes. 12. Maintain a policy that addresses information security for employees and contractors.
PCI Overview PCI DSS Requirements
PCI Overview Levels & Responsibilities Level Transactions Per Year Target Group 1 Greater than 6 million Anyone with a breach Merchants, Merchant Agents, Processors, Direct Connects 2 1 million 6 million 3 20k 1million Merchants, Merchant Agents, Processors ecommerce Merchants only 4 Less than 1million All Merchants Level 1 -- Annual onsite review by a Qualified Security Assessor (QSA) or Internal Audit if signed by Officer of the company, quarterly network scan Level 2 -- SAQ annually, quarterly network scan Level 3 -- SAQ annually, quarterly network scan Level 4 -- SAQ annually, quarterly network scan
Introducing - PCI Compliant & Integrated Payment Solutions
Secure Processing Platform Purpose-Built Technology vs. Retrofit XML-based Web-services Architecture Platform Scalability Developed and Supported Entirely In-House Industry Leading System Availability Fast and Reliable Payment Processing Merchant Acquiring Advanced Gateway Capabilities Exceeding PCI DSS Compliance Requirements Providing Point-to-Point Encryption and Tokenization
Simplify PCI Compliance with Hosted Payments and Tokenization
A Fully Integrated Solution What Does Fully Integrated Mean? Manage your entire business, including payment processing, from a single software application Key Benefits Easy set up, no third party software or equipment to maintain or configure Removes middlemen who add fees for their services Higher quality processing services and better support because there s only one player in the payment stream Eliminates significant risk and liability and multiple points of failure 12
Hosted Payments Key Benefits ALL cardholder data is removed from payment processing software and merchants systems, greatly reducing business risk, liability and expense. PCI DSS compliance footprint is dramatically reduced by transferring the risk for merchants Features encryption and TransForm Tokenization technology which protects cardholder data in flight and at rest and allows for secure card-on-file billing & scheduled payments
TransForm Tokenization Technology What is Tokenization? Allows the business/merchant to bill fees using a card-on-file, without passing actual credit card numbers between the software and processor Customers that agree to keep a payment file on record for automated onetime payments or monthly and recurring bill payments Data storage responsibilities are transferred to the PCI DSS compliant data storage facility Reduce your PCI footprint and simplify compliance validation Eliminate sensitive cardholder data completely 14
PCI Overview Hosted with NO Storage of CHD Merchant Responsibility Responsibility 12 9 Strong Access Security Policy Secure Network Protect CHD Vulnerability Mngt Program Strong Access Monitor Networks 12 1,2 10,11 3,4 Processor Host Responsibility 7,8,9 5,6
Integrated Software Payment Applications Benefits and efficiencies you can achieve through an integrated payment solution This integrated functionality allows the merchant to process, post, and manage all credit card and ACH customer payments for online, email, text, IVR, and traditional print bill presentment through one system By providing these capabilities, the merchant and/or PSP (Print Service Provider) can offer better service to their customers with a solution that can display their documents in mobile and WEB environments as well as paying their invoices in a common portal. Eliminate security concerns - where do I store credit card numbers? Hosted payment integration, tokenization, PA-DSS / PCI validated No card holder or ACH data touches the merchant s systems or networks Standalone/traditional processing can be a reconciliation nightmare requires extra manpower = time, money & opportunity loss
Additional Features Overview ACH, Account Updater, Online Reporting, Virtual Terminal
ACH through Check Gateway Submit Your Transactions Through Your Business Management Software Submit checks online in real time using your business management software Pull reporting data and check statuses, issue refunds and cancels Submit Batch ACH files Simply check acceptance by capturing only the account and routing number, no need for paper checks or check number Securely store the ACH info in conjunction with TransForm Tokenization ACH payment profile for automated monthly/recurring billing
Account Updater What is Account Updater? With Account Updater, receive automated updates on card-on-file information quickly and efficiently, so your payments remain uninterrupted. This simple and efficient Account Updater service helps your business maintain sales by: Increasing customer satisfaction Eliminating disruptions in recurring payments Reducing recurring payment attrition and customer service expense Key Benefits Increased Sales and Increase Customer Retention by Providing Uninterrupted Service to Customers Improved Customer Satisfaction by Reducing Negative Experiences Caused by Decline Transactions Reduced Costs and Hassle Associated with Contacting Customers to Obtain Updated Account Information Reduced Opportunity for Customers to Switch Service Providers 19
Online Reporting & Virtual Terminal Web-based Acquired Reporting Simple web portal Convenient and Secure Access to Your Payment Transaction Information from Any Web-Enabled PC 13 Months of Historical Data For Year-Over-Year Comparison Monthly statements Transaction & batch history information view, print, export XML or CSV View chargeback and retrieval requests online Virtual Terminal Redundant back-up Securely process one-time transactions from any Web-enabled PC
Element Payment Services Established in 2003 and Acquired by Vantiv in 2013 Vantiv, 40-year old company and 2 nd largest U.S. provider Level 1 PCI DSS Compliant Technology Provider Providing Cost-Effective, Simple & Secure, Payment Processing Solutions that Remove the Cost & Burden Associated with PCI Compliance Trusted Provider supporting over 300+ integrations Recognized Industry Leader by Peers and Partners Top 2 Worldwide Acquirer and Forbes Magazine 2013 Fastest Growing Tech Companies
Transformations Transformations Founded in 1988 as Software Solutions Co. History in Manufacturing & Distribution Warehouse/Inventory Management & Enterprise Resource Planning Systems Research into other markets Uluro launched in late 2009 Uluro, is an all-encompassing product for print service providers (PSP s) and enterprise mailers challenged by the complexities of high-volume production and distribution of critical customer communications Uluro has integrated its software payment application with Element s Express Gateway Hosted solution for PCI/PA-DSS validated payment processing and tokenization
Benefit Overview: PCI Compliant Payment Processing Hosted Payment Gateway Integration within industry/business software product s Tokenization Secure payment profile for monthly and recurring customer payments Eliminate Errors & Duplicate Entries through an integrated payment software Hosted Web Reporting 24/7/365 + Virtual Terminal QUESTIONS?
Merchant Questions To Be Aware Of How do you process your payments? What is your method of acceptance, payment applications? How do you handle card storage, PCI, ACH? Does your business store card holder data / CHD (credit card numbers)? Stored in places like customer files, network databases, Excel files, etc.? Is Payment reconciliation a problem because of multiple or non-integrated solutions? Benefits of fully integrated vs. standalone systems Are you familiar with PCI Compliance /Are you PCI Compliant? Are you putting your organization at risk? Are you using an out-of-scope solution, (e.g., Hosted payment integration and tokenization)
Merchant Questions To Be Aware Of Do you want a safer way to store card numbers and to have it automatically updated whenever the card expires or is reissued? ACCOUNT UPDATER with Tokenization Do you process ACH payments? Integrated ACH payment, tokenization for account on file recurring bill payments Does your current processor provide online reporting tools? Manage merchant account online with interactive reporting tools Do you feel your being overcharged for transaction fees or do you have unnecessary fees on your statement? Is your merchant provider a direct payment processor or third-party? Are you locked in a contract or do you want to keep your current processor? Gateway only service is an option to still utilize the integrated payment features/functionality
Thank You!! NEXT STEPS For further information, please contact: Adam Armstrong Transformations/Uluro Adam@Uluro.com (615) 261-3222 Chris Engelhardt Element/Vantiv Christopher.engelhardt@vantiv.com (847) 752-8494