TRMGTRMGTRMGTRMG St. Louis October 9-11, 2011 To Get PAID
?
Slide 2
Trends in Payments St. Louis October 9-11, 2011
Slide 3
Most Common EFT Payment Types St. Louis October 9-11, 2011 EDI
(Electronic Data Interchange) - usually used by large companies for
large payments WIRE Transfers - usually used for same day payment -
international payment - final payment ACH (Automated Clearing
House) - universal usage Credit Card - primarily used for smaller
payments - customer convenience - perks
Slide 4
Obstacles To Change St. Louis October 9-11, 2011 One size DOES
NOT fit all Difficult Integration with Operating Systems
ERP/Accounting/Payment Process/Technology Customer
Willingness/Ability to Adopt Paretos Principle ??
Slide 5
Pareto's Principle vital few and trivial many aka the vital few
and trivial many Dr Joseph Juran, PHD.1906 aka The 80-20 Rule The
80-20 Rule Part of the Problem Vilfredo Pareto-Italian Economist
St. Louis October 9-11, 2011
Slide 6
PULLED ACH Single Payment Entry 16354 084000084 156564163
(OPTIONAL) $5525.50 ABC Plumbing Apply transaction to invoice #
1165339 [email protected] St. Louis October 9-11, 2011
Slide 7
Remittance Upload Eliminate the labor intensive process of
entering your remittance information. Now you can simply attach a
file containing this critical information along with your payment!
Transaction # 646053 St. Louis October 9-11, 2011
Slide 8
PULLED ACH Multiple Invoice Entry Transaction # 646054 16354
084000084 156564163 (OPTIONAL) ABC Plumbing Apply transaction to
invoice # 1165339 Deduct late fees on all invoices 995 997 999
$1001.50 $100.00 $500.50 No. of Invoices: 3 Amount: $1602.00 St.
Louis October 9-11, 2011
Slide 9
PULLED ACH Scheduled Payment Entry Transaction # 646055 16354
084000084 156564163 (OPTIONAL) $5525.50 ABC Plumbing Apply
transaction to invoice # 1165339 St. Louis October 9-11, 2011
Slide 10
Transaction Report 123450000 Halpern Industries Goodsteins
Crown Molding Inc. Fountains Fence, LLC Lonardo Food Services 94156
St. Louis October 9-11, 2011
Slide 11
PULLED ACH CTX Formatting Transaction # 646054 16354 084000084
156564163 (OPTIONAL) ABC Plumbing Apply transaction to invoice #
1165339 Deduct late fees on all invoices 995 997 999 $1001.50
$100.00 $500.50 No. of Invoices: 3 Amount: $1602.00 St. Louis
October 9-11, 2011
Slide 12
Significantly reduce lockbox fees Automated cash applications
Automated posting Eliminate admin tasks such as data entry Improve
efficiency of A/R operations Paper is no longer needed to store or
transfer data. Computers may now retrieve and exchange payment
remittance advices. CTX Reporting (EDI-820) St. Louis October 9-11,
2011
Slide 13
PUSHED ACH Via YOUR COMPANY WEBSITE
Slide 14
PUSHED ACH Sample Registration User ******** Online Bill Pay
Customer [email protected] St. Louis October 9-11,
2011
Slide 15
PUSHED ACH Payment Entry Transaction # 646053 16 084000084
156564163 (OPTIONAL) ABC Plumbing Apply transaction to invoice #
1165339 Deduct late fees on all invoices 995 997 999 $1001.50
$100.00 $500.50 No. of Invoices: 3 Amount: $1602.00 St. Louis
October 9-11, 2011
Slide 16
PUSHED Credit Card Entry - Option Transaction # 646053 16 1525
SW 33193 41111111111111 ABC Plumbing Apply transaction to invoice #
1165339 995 997 999 $1001.50 $100.00 $500.50 No. of Invoices: 3
Amount: $1602.00 Miami 4141 St. Louis October 9-11, 2011
Slide 17
Credit Card Merchant Services Reduce your processing fees and
the cost of accepting payments by credit card. St. Louis October
9-11, 2011
Slide 18
Three key entities manage the payment system. Issuers Issue
cards Assume buyers credit risk Generate reports Provide customer
service Acquirers Sign up merchants Underwrite merchant risk
Provide processing Authorization Capture/Settlement Generate
reports Provider customer service Networks Provides
systems/operations Develops products Provides risk management
Provides advertising and promotions Sets standards and rules
Ecosystem of a credit card transaction St. Louis October 9-11, 2011
OTHERSOTHERS OTHERSOTHERS
Slide 19
Ecosystem of a credit card transaction Presentment Card Present
Card Not- Present Card Type Personal Business Corporate Debit Data
Level I Level II Level III Interchange Rates MCC Business Type Bank
Fees Negotiated No Padding Unbundled Net Billing No +++ Fees Tools
Funds Available St. Louis October 9-11, 2011
Slide 20
If a customer is going to pay by credit card, can I force them
to make the payment right away without extending terms? YES, the
merchant is not required to offer delayed payment via card. You may
establish a policy whereby cards are accepted only when the
customer is paying in full at the time of the transaction. This
policy must be applied to all types of cards. St. Louis October
9-11, 2011
Slide 21
If a customer has been extended terms and then wants to pay an
invoice 30 to 60 days later, can I refuse to accept their card and
require that they pay with another form of payment other than
credit card? Yes, you may take cards just for payments in full
provided that it is clear to customer at the outset (card
acceptance terms must be clear) St. Louis October 9-11, 2011
Slide 22
Can terms for credit card paying customers be different than
those paying by check? You must honor all valid cards without
discrimination when properly presented for payment. A merchant must
maintain a policy that does not discriminate among customers
seeking to make purchases with a card. Mastercard 5.8.1 St. Louis
October 9-11, 2011
Slide 23
If I accept cards for regular sized payments that are usually
$1,500, and then a new customer wants to place an order that will
cost $50,000 and wants to pay by credit card, can I refuse to
accept payment by credit card because it is a sizable payment or
can I renegotiate terms or the price? You must not require, or
indicate that it requires, a minimum or maximum transaction amount
to accept a valid and properly presented card. St. Louis October
9-11, 2011
Slide 24
Can I pass the cost of the credit card processing along to my
customer in the form of a fee? No, Visa and MasterCard regulations
do not allow you to charge a fee or pass back the interchange to
the cardholder for accepting their card for payment. St. Louis
October 9-11, 2011
Slide 25
Can I charge my customer a Convenience fee? VISA Charged for a
bona fide convenience in the form of an alternative payment channel
outside the Merchants customary payment channels Disclosed to the
Cardholder as a charge for the alternative payment channel
convenience Added only to a non face-to-face Transaction 1 A flat
or fixed amount, regardless of the value of the payment due
Applicable to all forms of payment accepted in the alternative
payment channel Disclosed prior to the completion of the
Transaction with an option for the cardholder to cancel the
transaction Included as a part of the total amount of the
transaction (single transaction which has Convenience Fee Amount
and Principal Payment Amount combined in the total amount field)
Not added to a recurring transaction. St. Louis October 9-11,
2011
Slide 26
Can I charge my customer a Convenience fee? Mastercard A
merchant must not directly or indirectly require any MasterCard
cardholder to pay a surcharge or any part of any merchant discount
or any contemporaneous finance charge in connection with a
MasterCard card transaction. A merchant may provide a discount to
its customers for cash payments. A merchant is permitted to charge
a fee (such as a bona fide commission, postage, expedited service
or Convenience Fees, and the like) if the fee is imposed on all
like transactions regardless of the form of payment used. Common
Convenience Fee practices associated with MasterCard include: The
Convenience Fee can vary based on the amount of the transaction
MasterCard believes the best practice is to utilize the
two-transaction method where there is a separate transaction for
the Principal Payment Amount and a separate transaction for the
Convenience Fee. However, if the merchant is also accepting Visa
for a non-tax, a single transaction is required. To simplify
processing in this case, a single transaction method would be used
for all card types. St. Louis October 9-11, 2011
Slide 27
If I cant charge a fee to cover the credit card processing
fees, is there a way to reduce the cost of processing fees? Process
directly with the Processor not ISOs (which may include Banks)
Consider including the cost of processing in the cost of goods so
that cash discounts may be offered Review processing procedures and
policies regularly to assure best practices St. Louis October 9-11,
2011
Slide 28
Negotiate for better rates with your processor Bundled vs.
Unbundled pricing model Make sure you are set up with the correct
MCC code with your processor Make certain that your processor does
not practice padding of the Interchange fees Make sure there are no
hidden fees Make certain you are being billed on NET processing.
St. Louis October 9-11, 2011
Slide 29
CNP transactions should most often include the use of a PC for
processing. Make certain that all necessary data is being included
with the transaction Use of Level III processing Use of Level III
large ticket St. Louis October 9-11, 2011
Slide 30
Level I, II and III Data Requirements Level-I and Level-II data
elements can be transmitted via a standard credit card point of
sale terminal. Level-III line item detail requires greater system
capability, which is provided via Fifth Third- partnered payment
processing applications. St. Louis October 9-11, 2011
Slide 31
Sample Transaction Costs: Interchange Expense Visa Purchasing
Card: $500 transaction Purchasing B2B Rate (Level I): 2.10
+.10$10.60 Purchasing Level II Rate: 2.05 +.10$10.35 Purchasing
Level III Rate: 1.80 +.10$ 9.10 MasterCard Purchasing Card: $500
transaction Purchasing Data Rate I (Level I): 2.65 +.10 $13.35
Purchasing Data Rate II (Level II): 2.40 +.10 $12.10 Purchasing
Data Rate III (Level III):1.80 +.10 $ 9.10 14% reduction in cost by
processing Level III versus Level I data 32% reduction in cost by
processing Level III versus Level I data Interchange only -- Not
showing all interchange categories St. Louis October 9-11,
2011
Slide 32
Breakdown of Cost Interchange represents 85% of the cost of
this transaction. *Based on Average Ticket currently qualifying for
the Visa Commercial B2B (Purchasing, Business, Corp) rate Total
Cost = $12.46 St. Louis October 9-11, 2011
Slide 33
Sample Transaction Costs: Interchange Large Ticket Expense Visa
Purchasing Card: $7500 transaction Standard Rate 2.95 +.10 $221.35
Business Electronic 2.40 +.10$180.10 Business Card Not Present 2.25
+.10 $168.85 most commom Purchasing Level II Rate: 2.05 +.10$153.85
Purchasing Level III Rate: 1.80 +.10$135.10 Large Ticket.95 +
35.00$106.25 48% reduction in cost by processing Level III versus
Level I data Effective Rate 1.41% Interchange only -- Not showing
all interchange categories St. Louis October 9-11, 2011
Slide 34
Sample Transaction Costs: Interchange Large Ticket Expense Visa
Purchasing Card: $25,000 transaction Standard Rate 2.95 +.10$737.60
Business Electronic 2.40 +.10$600.10 Business Card Not Present 2.25
+.10 $562.60 most common Purchasing Level II Rate: 2.05 +.10$512.60
Purchasing Level III Rate: 1.80 +.10$450.10 Large Ticket.95 +
35.00$272.50 60% reduction in cost by processing Level III versus
Level I data Effective Rate 1.09% Interchange only -- Not showing
all interchange categories St. Louis October 9-11, 2011
Slide 35
Can I pass the cost of the credit card processing along to my
customer in the form of a fee? No, Visa and MasterCard regulations
do not allow you to charge a fee or pass back the interchange to
the cardholder for accepting their card for payment. St. Louis
October 9-11, 2011
Slide 36
Why can some companies/industries pass along the fees to their
customers and we cannot? Convenience Fee Compliance Summary
Industry/Card NetworkFixed Fee Variable Fee Face-To- Face
Registration RequiredSingle Transaction Support Two Transaction
Support Recurring Transaction Third Party Processor Support
Utilities (MCC 4900) Visa 1 YesNo YesNo MasterCardYes Yes 2 Yes 3
YesNoYes DiscoverYesYes 6 YesNoYes 4 YesNoYes AmexYes No YesNoYes
Government Tax (MCC 9311) VisaYesYes/No 7 Yes NoYes MasterCardYes
DiscoverYesYes 6 YesNoYes NoYes AmexYes No YesNoYes Education &
Government Non-Tax VisaYesNo Yes NoYes 5 MasterCardYes
DiscoverYesYes 6 YesNoYes 4 YesNoYes AmexYes No YesNoYes Other
Industries VisaYesNo YesNo MasterCardYes NoYes NoTBD DiscoverYesYes
6 YesNoYes 4 YesNoYes AmexNo St. Louis October 9-11, 2011
Slide 37
How are the rules enforced and what are the consequences of
non-compliance? Generally enforced reactively instead of
proactively but fines may be levied. Severe cases can cause your
company to be blacklisted. St. Louis October 9-11, 2011
Slide 38
What card data can be stored? Customer Name Credit Card Number
Expiration Date (security code should NEVER be stored) St. Louis
October 9-11, 2011
Slide 39
Is it true that the credit card processing activity will be
reported to the IRS beginning 2011? Yes, income through credit and
debit card transactions will be reported to the IRS starting in
2011. No real reporting mechanism is known at this time. St. Louis
October 9-11, 2011
Slide 40
Card Present 73% The Reality of Card Data Compromise Card Data
Compromise Statistics In contrast to common belief, Card Present
merchants are twice as likely to be compromised than Card Not
Present merchants. 24% 75% 1% Source: Trustwave (based upon total
number of breach events) As a consumer, you are more likely to have
your card stolen making a face-to-face transaction, than when
shopping online. St. Louis October 9-11, 2011
Slide 41
Source: Trustwave (based upon total number of breach events)
Food Service Industry represents the majority of the compromises
(56%). Retail Industry is the next largest industry seeing
compromises (22%). 56% 22% 4% 2 % The Reality of Card Data
Compromise Card Data Compromise Statistics The challenge for large
retailers to meet their customers needs at the speed with which
customers demand, creates tremendous security issues. St. Louis
October 9-11, 2011
Slide 42
Challenges by the Numbers Payment data breaches represented 98%
of all data breaches in 2009. 1 More than 280 million payment card
records were breached in 2008 alone. 2 Current State of the
Industry 1 Trustwave Global Security Report 2010 2 Verizon 2009
Data Breach Investigations Report 3 Ponemon Institute, 2008 Annual
Study: Cost of a Data Breach Credit card data remains an extremely
valuable commodity. The average cost of a data breach is $202 per
record and rising, with the average cost of a large scale breach
reaching $6.6 million dollars. 3 A significant data breach at one
PCI Level 1 retailer has cost over $250 million dollars so far..
St. Louis October 9-11, 2011
Slide 43
PCI DSS Compliance Merchant Levels Any merchant, regardless of
acceptance channel, processing 6 million Visa or MasterCard
transactions per year, or any merchant that the card brands
determine should be considered a Level 1 merchant Merchant Level 1
Any merchant, regardless of acceptance channel, processing 1
million to 6 million Visa or MasterCard transactions per year
Merchant Level 2 Any merchant processing 20,000 to 1 million e-
commerce Visa or MasterCard transactions per year Merchant Level 3
All other merchants regardless of acceptance channel Merchant Level
4 Leve l 1 merchants have rigorous compliance requirements. Level 4
merchants are impacted, as well! St. Louis October 9-11, 2011
Slide 44
PCI DSS Compliance Merchant Validation *Note: Due to MasterCard
Site Data Protection (SDP) program rules, all level 1 and 2
merchants that elect to perform their own validation assessments
must ensure that the primary internal auditor staff engaged in
validating PCI DSS compliance attend merchant training programs
offered by the PCI Security Standards Council (PCI SSC) and pass
any PCI SSC associated accreditation program annually in order to
continue validation in this manner. The training deadline is June
30, 2011. Merchant Levels Level 1* Level 2* Level 3 Level 4 On Site
Assessment Report on Compliance (ROC)* Submitted to Acquirer
Annually Not Applicable Self Assessment Questionnaire Not
Applicable Submitted to Acquirer Annually* Submitted to Acquirer
Annually Best Practice Annually Submitted at Acquirers discretion
Network Vulnerability Scans Required Quarterly Submitted at
Acquirers discretion St. Louis October 9-11, 2011
Slide 45
How It Works Sensitive card data is encrypted at the point of
capture using format preserving encryption PAN/Track
Data/Expiration Data are encrypted in the device using a Private
Key Auth Request moves through merchants POS/Host/Network
completely encrypted to Fifth Third data center Fifth Third
decrypts the data and transmits to the card networks Auth approval
is received from network, card token is generated and submitted
back to merchant Merchant completes post-authorization and back
office activities with tokenized card value End to End Encryption
and Tokenization St. Louis October 9-11, 2011
Slide 46
Key Solution Capabilities Enable encryption at the point of
sale without the need of complex key injection Provide true end to
end encryption from entry devices all the way to brand handoff
Allows for robust host side capabilities maximizing reliability and
meeting high volume requirements Allows for encryption in multiple
environments: Swipe Key entered E-commerce Risk Mitigation
Potential PCI scope reduction: The potential ability to take
components out of scope Protection of Brand Reputation Implement
security solution that will be sustainable and flexible as
association and governing bodies rules develop and change End to
End Encryption and Tokenization Key Customer Benefits St. Louis
October 9-11, 2011
Slide 47
PCI Compliance Types of Risk Systemic Risk Primarily Risk
associated with large scale data breaches Increasingly sensitive
due to PR impact and potential for civil litigation Often
associated with organized crime and sophisticated IT break ins PCI
( Payment Card Industry Data Security Standards) meant to address
major challenges Operational Risk Normal fraud risk associated with
individual transactions Can often be prevented by operational best
practices St. Louis October 9-11, 2011
Slide 48
12 Potential Signs of CNP Fraud Keep your eyes open for the
following indicators. When more than one is true during a
card-not-present transaction, fraud might be involved. Follow up,
just in case. 1.First-time shopper: Criminals are always looking
for new victims. 2.Larger-than-normal orders: Because stolen cards
or account numbers have a limited life span, crooks need to
maximize the size of their purchase. 3.Orders that include several
of the same item: Having multiples of the same item increases a
criminals profit 4.Orders made up a big-ticket items: These items
have maximum resale value and therefore maximum profit potential.
5.Rush or overnight shipping: Crooks want these fraudulently
obtained items as soon as possible for the quickest possible
resale, and arent concerned about extra delivery charges.
6.Shipping to an international address: A significant number of
fraudulent transactions are shipped to fraudulent cardholders
outside of the U.S. Visa AVS cant validate non-U.S., except in
Canada and the United Kingdom. St. Louis October 9-11, 2011
Slide 49
12 Potential Signs of CNP Fraud (contd) 7.Shipping to a single
address, but transactions placed on multiple cards: Could involve
an account number generated using special software, or even a batch
of stolen cards. 8.Multiple transactions on one card over a very
short period of time: Could be an attempt to run a card until the
account is closed. 9.Multiple transactions on one card or a similar
card with a single billing address, but multiple shipping
addresses: Could represent organized activity, rather than one
individual at work. 10.In online transactions, multiple cards used
from a single IP (Internet Protocol) address: More than one or two
cards could definitely indicate a fraud scheme. 11.Transactions
with similar account numbers: Particularly useful in the account
numbers used have been generated using software available on the
internet (e.g., CreditMaster) 12.Orders from Internet addresses
that make use of free e-mail services: These e-mail services
involve no billing relationships, and often neither an audit trail
nor verification that a legitimate cardholder has opened the
account. St. Louis October 9-11, 2011