TRMGTRMGTRMGTRMG St. Louis October 9-11, 2011 To Get PAID ?

Trends in Payments St. Louis October 9-11, 2011

Most Common EFT Payment Types St. Louis October 9-11, 2011 EDI (Electronic Data Interchange) - usually used by large companies for large payments WIRE Transfers - usually used for same day payment - international payment - final payment ACH (Automated Clearing House) - universal usage Credit Card - primarily used for smaller payments - customer convenience - perks

Obstacles To Change St. Louis October 9-11, 2011 One size DOES NOT fit all Difficult Integration with Operating Systems ERP/Accounting/Payment Process/Technology Customer Willingness/Ability to Adopt Paretos Principle ??

Pareto's Principle vital few and trivial many aka the vital few and trivial many Dr Joseph Juran, PHD.1906 aka The 80-20 Rule The 80-20 Rule Part of the Problem Vilfredo Pareto-Italian Economist St. Louis October 9-11, 2011

PULLED ACH Single Payment Entry 16354 084000084 156564163 (OPTIONAL) $5525.50 ABC Plumbing Apply transaction to invoice # 1165339 [email protected] St. Louis October 9-11, 2011

Remittance Upload Eliminate the labor intensive process of entering your remittance information. Now you can simply attach a file containing this critical information along with your payment! Transaction # 646053 St. Louis October 9-11, 2011

PULLED ACH Multiple Invoice Entry Transaction # 646054 16354 084000084 156564163 (OPTIONAL) ABC Plumbing Apply transaction to invoice # 1165339 Deduct late fees on all invoices 995 997 999 $1001.50 $100.00 $500.50 No. of Invoices: 3 Amount: $1602.00 St. Louis October 9-11, 2011

PULLED ACH Scheduled Payment Entry Transaction # 646055 16354 084000084 156564163 (OPTIONAL) $5525.50 ABC Plumbing Apply transaction to invoice # 1165339 St. Louis October 9-11, 2011

Transaction Report 123450000 Halpern Industries Goodsteins Crown Molding Inc. Fountains Fence, LLC Lonardo Food Services 94156 St. Louis October 9-11, 2011

PULLED ACH CTX Formatting Transaction # 646054 16354 084000084 156564163 (OPTIONAL) ABC Plumbing Apply transaction to invoice # 1165339 Deduct late fees on all invoices 995 997 999 $1001.50 $100.00 $500.50 No. of Invoices: 3 Amount: $1602.00 St. Louis October 9-11, 2011

Significantly reduce lockbox fees Automated cash applications Automated posting Eliminate admin tasks such as data entry Improve efficiency of A/R operations Paper is no longer needed to store or transfer data. Computers may now retrieve and exchange payment remittance advices. CTX Reporting (EDI-820) St. Louis October 9-11, 2011

PUSHED ACH Via YOUR COMPANY WEBSITE

PUSHED ACH Sample Registration User ******** Online Bill Pay Customer [email protected] St. Louis October 9-11, 2011

PUSHED ACH Payment Entry Transaction # 646053 16 084000084 156564163 (OPTIONAL) ABC Plumbing Apply transaction to invoice # 1165339 Deduct late fees on all invoices 995 997 999 $1001.50 $100.00 $500.50 No. of Invoices: 3 Amount: $1602.00 St. Louis October 9-11, 2011

PUSHED Credit Card Entry - Option Transaction # 646053 16 1525 SW 33193 41111111111111 ABC Plumbing Apply transaction to invoice # 1165339 995 997 999 $1001.50 $100.00 $500.50 No. of Invoices: 3 Amount: $1602.00 Miami 4141 St. Louis October 9-11, 2011

Credit Card Merchant Services Reduce your processing fees and the cost of accepting payments by credit card. St. Louis October 9-11, 2011

Three key entities manage the payment system. Issuers Issue cards Assume buyers credit risk Generate reports Provide customer service Acquirers Sign up merchants Underwrite merchant risk Provide processing Authorization Capture/Settlement Generate reports Provider customer service Networks Provides systems/operations Develops products Provides risk management Provides advertising and promotions Sets standards and rules Ecosystem of a credit card transaction St. Louis October 9-11, 2011 OTHERSOTHERS OTHERSOTHERS

Ecosystem of a credit card transaction Presentment Card Present Card Not- Present Card Type Personal Business Corporate Debit Data Level I Level II Level III Interchange Rates MCC Business Type Bank Fees Negotiated No Padding Unbundled Net Billing No +++ Fees Tools Funds Available St. Louis October 9-11, 2011

If a customer is going to pay by credit card, can I force them to make the payment right away without extending terms? YES, the merchant is not required to offer delayed payment via card. You may establish a policy whereby cards are accepted only when the customer is paying in full at the time of the transaction. This policy must be applied to all types of cards. St. Louis October 9-11, 2011

If a customer has been extended terms and then wants to pay an invoice 30 to 60 days later, can I refuse to accept their card and require that they pay with another form of payment other than credit card? Yes, you may take cards just for payments in full provided that it is clear to customer at the outset (card acceptance terms must be clear) St. Louis October 9-11, 2011

Can terms for credit card paying customers be different than those paying by check? You must honor all valid cards without discrimination when properly presented for payment. A merchant must maintain a policy that does not discriminate among customers seeking to make purchases with a card. Mastercard 5.8.1 St. Louis October 9-11, 2011

If I accept cards for regular sized payments that are usually $1,500, and then a new customer wants to place an order that will cost $50,000 and wants to pay by credit card, can I refuse to accept payment by credit card because it is a sizable payment or can I renegotiate terms or the price? You must not require, or indicate that it requires, a minimum or maximum transaction amount to accept a valid and properly presented card. St. Louis October 9-11, 2011

Can I pass the cost of the credit card processing along to my customer in the form of a fee? No, Visa and MasterCard regulations do not allow you to charge a fee or pass back the interchange to the cardholder for accepting their card for payment. St. Louis October 9-11, 2011

Can I charge my customer a Convenience fee? VISA Charged for a bona fide convenience in the form of an alternative payment channel outside the Merchants customary payment channels Disclosed to the Cardholder as a charge for the alternative payment channel convenience Added only to a non face-to-face Transaction 1 A flat or fixed amount, regardless of the value of the payment due Applicable to all forms of payment accepted in the alternative payment channel Disclosed prior to the completion of the Transaction with an option for the cardholder to cancel the transaction Included as a part of the total amount of the transaction (single transaction which has Convenience Fee Amount and Principal Payment Amount combined in the total amount field) Not added to a recurring transaction. St. Louis October 9-11, 2011

Can I charge my customer a Convenience fee? Mastercard A merchant must not directly or indirectly require any MasterCard cardholder to pay a surcharge or any part of any merchant discount or any contemporaneous finance charge in connection with a MasterCard card transaction. A merchant may provide a discount to its customers for cash payments. A merchant is permitted to charge a fee (such as a bona fide commission, postage, expedited service or Convenience Fees, and the like) if the fee is imposed on all like transactions regardless of the form of payment used. Common Convenience Fee practices associated with MasterCard include: The Convenience Fee can vary based on the amount of the transaction MasterCard believes the best practice is to utilize the two-transaction method where there is a separate transaction for the Principal Payment Amount and a separate transaction for the Convenience Fee. However, if the merchant is also accepting Visa for a non-tax, a single transaction is required. To simplify processing in this case, a single transaction method would be used for all card types. St. Louis October 9-11, 2011

If I cant charge a fee to cover the credit card processing fees, is there a way to reduce the cost of processing fees? Process directly with the Processor not ISOs (which may include Banks) Consider including the cost of processing in the cost of goods so that cash discounts may be offered Review processing procedures and policies regularly to assure best practices St. Louis October 9-11, 2011

Negotiate for better rates with your processor Bundled vs. Unbundled pricing model Make sure you are set up with the correct MCC code with your processor Make certain that your processor does not practice padding of the Interchange fees Make sure there are no hidden fees Make certain you are being billed on NET processing. St. Louis October 9-11, 2011

CNP transactions should most often include the use of a PC for processing. Make certain that all necessary data is being included with the transaction Use of Level III processing Use of Level III large ticket St. Louis October 9-11, 2011

Level I, II and III Data Requirements Level-I and Level-II data elements can be transmitted via a standard credit card point of sale terminal. Level-III line item detail requires greater system capability, which is provided via Fifth Third- partnered payment processing applications. St. Louis October 9-11, 2011

Sample Transaction Costs: Interchange Expense Visa Purchasing Card: $500 transaction Purchasing B2B Rate (Level I): 2.10 +.10$10.60 Purchasing Level II Rate: 2.05 +.10$10.35 Purchasing Level III Rate: 1.80 +.10$ 9.10 MasterCard Purchasing Card: $500 transaction Purchasing Data Rate I (Level I): 2.65 +.10 $13.35 Purchasing Data Rate II (Level II): 2.40 +.10 $12.10 Purchasing Data Rate III (Level III):1.80 +.10 $ 9.10 14% reduction in cost by processing Level III versus Level I data 32% reduction in cost by processing Level III versus Level I data Interchange only -- Not showing all interchange categories St. Louis October 9-11, 2011

Breakdown of Cost Interchange represents 85% of the cost of this transaction. *Based on Average Ticket currently qualifying for the Visa Commercial B2B (Purchasing, Business, Corp) rate Total Cost = $12.46 St. Louis October 9-11, 2011

Sample Transaction Costs: Interchange Large Ticket Expense Visa Purchasing Card: $7500 transaction Standard Rate 2.95 +.10 $221.35 Business Electronic 2.40 +.10$180.10 Business Card Not Present 2.25 +.10 $168.85 most commom Purchasing Level II Rate: 2.05 +.10$153.85 Purchasing Level III Rate: 1.80 +.10$135.10 Large Ticket.95 + 35.00$106.25 48% reduction in cost by processing Level III versus Level I data Effective Rate 1.41% Interchange only -- Not showing all interchange categories St. Louis October 9-11, 2011

Sample Transaction Costs: Interchange Large Ticket Expense Visa Purchasing Card: $25,000 transaction Standard Rate 2.95 +.10$737.60 Business Electronic 2.40 +.10$600.10 Business Card Not Present 2.25 +.10 $562.60 most common Purchasing Level II Rate: 2.05 +.10$512.60 Purchasing Level III Rate: 1.80 +.10$450.10 Large Ticket.95 + 35.00$272.50 60% reduction in cost by processing Level III versus Level I data Effective Rate 1.09% Interchange only -- Not showing all interchange categories St. Louis October 9-11, 2011

Can I pass the cost of the credit card processing along to my customer in the form of a fee? No, Visa and MasterCard regulations do not allow you to charge a fee or pass back the interchange to the cardholder for accepting their card for payment. St. Louis October 9-11, 2011

Why can some companies/industries pass along the fees to their customers and we cannot? Convenience Fee Compliance Summary Industry/Card NetworkFixed Fee Variable Fee Face-To- Face Registration RequiredSingle Transaction Support Two Transaction Support Recurring Transaction Third Party Processor Support Utilities (MCC 4900) Visa 1 YesNo YesNo MasterCardYes Yes 2 Yes 3 YesNoYes DiscoverYesYes 6 YesNoYes 4 YesNoYes AmexYes No YesNoYes Government Tax (MCC 9311) VisaYesYes/No 7 Yes NoYes MasterCardYes DiscoverYesYes 6 YesNoYes NoYes AmexYes No YesNoYes Education & Government Non-Tax VisaYesNo Yes NoYes 5 MasterCardYes DiscoverYesYes 6 YesNoYes 4 YesNoYes AmexYes No YesNoYes Other Industries VisaYesNo YesNo MasterCardYes NoYes NoTBD DiscoverYesYes 6 YesNoYes 4 YesNoYes AmexNo St. Louis October 9-11, 2011

How are the rules enforced and what are the consequences of non-compliance? Generally enforced reactively instead of proactively but fines may be levied. Severe cases can cause your company to be blacklisted. St. Louis October 9-11, 2011

What card data can be stored? Customer Name Credit Card Number Expiration Date (security code should NEVER be stored) St. Louis October 9-11, 2011

Is it true that the credit card processing activity will be reported to the IRS beginning 2011? Yes, income through credit and debit card transactions will be reported to the IRS starting in 2011. No real reporting mechanism is known at this time. St. Louis October 9-11, 2011

Card Present 73% The Reality of Card Data Compromise Card Data Compromise Statistics In contrast to common belief, Card Present merchants are twice as likely to be compromised than Card Not Present merchants. 24% 75% 1% Source: Trustwave (based upon total number of breach events) As a consumer, you are more likely to have your card stolen making a face-to-face transaction, than when shopping online. St. Louis October 9-11, 2011

Source: Trustwave (based upon total number of breach events) Food Service Industry represents the majority of the compromises (56%). Retail Industry is the next largest industry seeing compromises (22%). 56% 22% 4% 2 % The Reality of Card Data Compromise Card Data Compromise Statistics The challenge for large retailers to meet their customers needs at the speed with which customers demand, creates tremendous security issues. St. Louis October 9-11, 2011

Challenges by the Numbers Payment data breaches represented 98% of all data breaches in 2009. 1 More than 280 million payment card records were breached in 2008 alone. 2 Current State of the Industry 1 Trustwave Global Security Report 2010 2 Verizon 2009 Data Breach Investigations Report 3 Ponemon Institute, 2008 Annual Study: Cost of a Data Breach Credit card data remains an extremely valuable commodity. The average cost of a data breach is $202 per record and rising, with the average cost of a large scale breach reaching $6.6 million dollars. 3 A significant data breach at one PCI Level 1 retailer has cost over $250 million dollars so far.. St. Louis October 9-11, 2011

PCI DSS Compliance Merchant Levels Any merchant, regardless of acceptance channel, processing 6 million Visa or MasterCard transactions per year, or any merchant that the card brands determine should be considered a Level 1 merchant Merchant Level 1 Any merchant, regardless of acceptance channel, processing 1 million to 6 million Visa or MasterCard transactions per year Merchant Level 2 Any merchant processing 20,000 to 1 million e- commerce Visa or MasterCard transactions per year Merchant Level 3 All other merchants regardless of acceptance channel Merchant Level 4 Leve l 1 merchants have rigorous compliance requirements. Level 4 merchants are impacted, as well! St. Louis October 9-11, 2011

PCI DSS Compliance Merchant Validation *Note: Due to MasterCard Site Data Protection (SDP) program rules, all level 1 and 2 merchants that elect to perform their own validation assessments must ensure that the primary internal auditor staff engaged in validating PCI DSS compliance attend merchant training programs offered by the PCI Security Standards Council (PCI SSC) and pass any PCI SSC associated accreditation program annually in order to continue validation in this manner. The training deadline is June 30, 2011. Merchant Levels Level 1* Level 2* Level 3 Level 4 On Site Assessment Report on Compliance (ROC)* Submitted to Acquirer Annually Not Applicable Self Assessment Questionnaire Not Applicable Submitted to Acquirer Annually* Submitted to Acquirer Annually Best Practice Annually Submitted at Acquirers discretion Network Vulnerability Scans Required Quarterly Submitted at Acquirers discretion St. Louis October 9-11, 2011

How It Works Sensitive card data is encrypted at the point of capture using format preserving encryption PAN/Track Data/Expiration Data are encrypted in the device using a Private Key Auth Request moves through merchants POS/Host/Network completely encrypted to Fifth Third data center Fifth Third decrypts the data and transmits to the card networks Auth approval is received from network, card token is generated and submitted back to merchant Merchant completes post-authorization and back office activities with tokenized card value End to End Encryption and Tokenization St. Louis October 9-11, 2011

Key Solution Capabilities Enable encryption at the point of sale without the need of complex key injection Provide true end to end encryption from entry devices all the way to brand handoff Allows for robust host side capabilities maximizing reliability and meeting high volume requirements Allows for encryption in multiple environments: Swipe Key entered E-commerce Risk Mitigation Potential PCI scope reduction: The potential ability to take components out of scope Protection of Brand Reputation Implement security solution that will be sustainable and flexible as association and governing bodies rules develop and change End to End Encryption and Tokenization Key Customer Benefits St. Louis October 9-11, 2011

PCI Compliance Types of Risk Systemic Risk Primarily Risk associated with large scale data breaches Increasingly sensitive due to PR impact and potential for civil litigation Often associated with organized crime and sophisticated IT break ins PCI ( Payment Card Industry Data Security Standards) meant to address major challenges Operational Risk Normal fraud risk associated with individual transactions Can often be prevented by operational best practices St. Louis October 9-11, 2011

12 Potential Signs of CNP Fraud Keep your eyes open for the following indicators. When more than one is true during a card-not-present transaction, fraud might be involved. Follow up, just in case. 1.First-time shopper: Criminals are always looking for new victims. 2.Larger-than-normal orders: Because stolen cards or account numbers have a limited life span, crooks need to maximize the size of their purchase. 3.Orders that include several of the same item: Having multiples of the same item increases a criminals profit 4.Orders made up a big-ticket items: These items have maximum resale value and therefore maximum profit potential. 5.Rush or overnight shipping: Crooks want these fraudulently obtained items as soon as possible for the quickest possible resale, and arent concerned about extra delivery charges. 6.Shipping to an international address: A significant number of fraudulent transactions are shipped to fraudulent cardholders outside of the U.S. Visa AVS cant validate non-U.S., except in Canada and the United Kingdom. St. Louis October 9-11, 2011

12 Potential Signs of CNP Fraud (contd) 7.Shipping to a single address, but transactions placed on multiple cards: Could involve an account number generated using special software, or even a batch of stolen cards. 8.Multiple transactions on one card over a very short period of time: Could be an attempt to run a card until the account is closed. 9.Multiple transactions on one card or a similar card with a single billing address, but multiple shipping addresses: Could represent organized activity, rather than one individual at work. 10.In online transactions, multiple cards used from a single IP (Internet Protocol) address: More than one or two cards could definitely indicate a fraud scheme. 11.Transactions with similar account numbers: Particularly useful in the account numbers used have been generated using software available on the internet (e.g., CreditMaster) 12.Orders from Internet addresses that make use of free e-mail services: These e-mail services involve no billing relationships, and often neither an audit trail nor verification that a legitimate cardholder has opened the account. St. Louis October 9-11, 2011

TRMGTRMGTRMGTRMG St. Louis October 9-11, 2011 To Get PAID ?

Documents

Transcript of TRMGTRMGTRMGTRMG St. Louis October 9-11, 2011 To Get PAID ?