Post on 21-Jan-2016
Confidential and Proprietary Fifth Third Bank | All Rights Reserved
Robert Day 1-800-884-0353 Sept 2007
Using Credit Cards in B2B Transactions: What Every Credit Manager Needs to Know
Presented by:
Robert L. Day
Assistant Vice President
Commercial Interchange
The information presented in this seminar is for information purposes only, and is not intended as legal or financial advice. The information does not amend or alter your obligations under your agreement with Fifth Third Bank, or under
the Operating Regulations of any credit card or debit card association.
Can you relate?
Your Profit
Agenda
• What is Interchange?
• Why is everything downgrading?
• What are you really paying ????
• Statements: From Best to Worst
• Convenience Fees
• Risk & PCI
• Fraud Protection
• Choosing a business partner versus a processor
What is Interchange?
Interchange makes up the largest cost component for merchant transactions.
— Does not include Dues & Assessments, Access Fees, etc.
Fee collected by Acquirer from the merchant for every Visa and MasterCard transaction.
The Fee is then passed through Visa and MasterCard to the issuing bank.
Depending on detail that is passed with the transaction (Level I, II or III), the transaction may qualify for lower interchange rates.
Three key entities manage the payment system
Networks
• Provides systems/operations
• Develops products
• Provides risk management
• Provides advertising and promotions
• Sets standards and rules
Issuers
• Issue cards
• Assume buyer’s credit risk
• Generate reports
• Provide customer service
Acquirers
• Sign up suppliers
• Underwrite supplier risk
• Provide processing
– Authorization
– Capture
– Settlement
• Generate reports
• Provide customer service
Breakdown of Cost
Interchange represents 92% of the cost of this transaction.
*Based on Average Ticket currently qualifying for the Visa Credit Retail Rate, 1.54% + 0.10
[Pie chart: $50 Visa Credit Card Transaction. Slice values: $0.87, $0.0150, $0.0017, $0.0463, $0.001, $0.005. Legend: Interchange (1.54% + $0.10), Base II Fee, Tran Fee, Access Fee, Assessment Fee, Risk Fee.]
Total Cost = $0.94
Interchange Management
Electronic payments continue to grow rapidly and at the same time the cost per transaction is increasing due to payment industry evolution
• Evaluate payment strategies within a framework that closely considers your unique customer demographics as well as your overall business strategies
• Minimize the overall impact to your bottom line by monitoring the interchange qualifications affecting your transactions
• Understand how interchange downgrades and surcharges increase your effective rates.
Why is everything downgrading?
Consumer Cards
Some interchange surcharges are unavoidable
• International, Rewards, World etc.
Most can be avoided.
This should be your focus!!!!
Visa Consumer Card Not Present
[Flowchart: qualification of a consumer card transaction where card/cardholder are not present. Decision points: Electronically authorized? AVS performed?* One authorization per clearing message? Cleared within two days? Shipped within 7 days and transaction includes order number and MOTO/ECI Indicator? Authorized through Intl. Automated Referral Service? Cleared within three days? Outcomes: CPS Card Not Present, EIRF, Standard.]
• * Transactions originating from a Visa Corporate or Purchasing card do not require AVS. Business Cards do require an AVS attempt for interchange qualification.
• Recurring payment transactions do not require AVS as long as the transaction is not the first payment and the time between payments is less than a year.
MasterCard Consumer Card Not Present
[Flowchart: qualification of a consumer card transaction where card/cardholder are not present. Decision points: Authorized? MCC in auth and settle match? Cleared within three days? Outcomes: Merit I, Standard.]
• For MasterCard MO/TO transactions, the authorization and settlement amounts MUST match unless the MCC is a Direct Marketing MCC.
• If the transaction is properly identified as E-Commerce, auth and settlement do not have to match
Why is everything downgrading?
Commercial Cards
Level II and Level III Processing
Commercial Card Trends
• Commercial payment solutions are emerging as the most efficient way to manage corporate payments and receivables.
• With the recent increase for MasterCard Data Rate 2, merchants need to re-evaluate the cost/benefit of transmitting Level III data!
[Chart: U.S. Segment for Corporate and Purchasing Cards (billions), 1999 to 2009, vertical axis $- to $800. Series: Purchasing, Corporate (T&E).]
Source: Packaged Facts – the US Market for Corporate and Purchasing Cards, January 2005
Authorization/Settlement Time Frames
Visa – CNP & E-Commerce Interchange
• Transaction Date must be within 7 days of the Authorization Date
• Transaction Date should equal the Shipment Date
• Transaction must be settled / cleared to your Processor within 2 days of the Transaction Date
[Timeline, days 1 2 3 4 5 6 7 8 9: Auth on Day 1; Ship on Day 7, Tran Date = Day 7; Settle/Clear transaction to Processor by Day 9]
As Visa has the stricter requirements of the 2 networks, it is best to follow the Visa requirements as Best Practices.
Authorization/Settlement Variance
Depending on your Industry and MCC Code, the variance varies from 0-25%
MasterCard MOTO: Tran amounts have a 0% Auth/Settlement tolerance, and all transactions not matching will go to Standard if not set up with the MCC codes below.
Visa MOTO: Tran amount may be different than the original auth amount. As long as the auth amount in settlement matches the original auth amount (and all other requirements are met), the transaction should qualify for the optimal rate.
MOTO (Mail Order Telephone Order) MCC Codes: 4816, 5960, 5962, 5964, 5965, 5966, 5967, 5968, 5969, 6531
MasterCard Commercial Card
The greater the amount of data provided…the better the interchange rate.
Level I
• Must include merchant zip code, location, description, Tax ID
Level II
• Must include merchant zip code, location, description, Tax ID AND must include Sales Tax and Customer Code
• Sales tax must be between 0.1% and 22%
• Customer Code must be sent if provided by customer
• Effective April 2008: Tax Exempt transactions must be properly identified as such or they cannot qualify for Data Rate 2 (Level II)
Level III
• Must include Level I and Level II data AND Line Item Detail
• Unlike Visa, MasterCard’s Business, Corporate and Purchasing Cards are eligible for the Level III rate - Data Rate III
• Large Ticket Requirements: Transactions > $7,272, Level II and Level III, no registration required.
NOTE: Dial Terminal and Host Capture applications cannot support Level III data transmission.
This is not a complete description of all required data elements, but a high level overview
MC Commercial Card Changes
U.S. COMMERCIAL CARDS | Current | October 2007
BUSINESS CARD
Commercial Standard | 2.70% + $0.10 | 2.95% + $0.10
Commercial Data Rate 2 | 2.05% + $- | 2.32% + $0.10
Commercial Face-To-Face | 2.05% + $- | 2.32% + $0.10
CORPORATE CARD, CORPORATE WORLD, and CORPORATE WORLD ELITE
Commercial Standard | 2.70% + $0.10 | 2.95% + $0.10
Commercial Data Rate 2 | 2.05% + $- | 2.05% + $0.10
Commercial Face-To-Face | 2.05% + $- | 2.05% + $0.10
PURCHASING CARD
Commercial Standard | 2.70% + $0.10 | 2.95% + $0.10
Commercial Data Rate 2 | 2.05% + $- | 2.33% + $0.10
Commercial Face-To-Face | 2.05% + $- | 2.33% + $0.10
BUSINESS WORLD and BUSINESS WORLD ELITE
Commercial Standard | 2.85% + $0.10 | 2.95% + $0.10
Commercial Data Rate 1 | 2.80% + $0.10 | 2.65% + $0.10
Commercial Data Rate 2 | 2.20% + $- | 2.32% + $0.10
2.20% + $-
Commercial Data Rate 3 | 1.90% + $- | 1.75% + $-
Commercial Face-To-Face | 2.20% + $- | 2.32% + $0.10
Visa Commercial Card
Level II
• Must include merchant zip code, location, description, Tax ID, and Sales Tax.
• Sales Tax amount must be between 0.1% and 22% of the amount of the transaction.
• Customer Code is no longer required for Level II on Purchasing Cards at non-fuel locations. Customer Code is required for Purchasing Cards at fuel locations
Level III
• Available to Purchasing Cards ONLY
• Must include merchant zip code, location, description, Tax ID, and Message Identifier/Line Item Detail
• NOTE: Level II Data (specifically Sales Tax and Customer Code) is no longer required for Level III on Purchasing Cards at non-fuel locations
Additional Info
• Tax Exempt transactions can no longer qualify for Level II rates. They may get Level III on P-Cards if Level III data is provided
• GSA and Large Ticket requirements have NOT changed (Sales Tax, Customer Code and Line Item Detail still required)
• Large Ticket Requirements: Level II and Level III data required, registration required, $1,000 set-up fee, transactions > $4,105
This is not a complete description of all required data elements, but a high level overview
NOTE: Dial Terminal and Host Capture applications cannot support Level III data transmission.
Visa Commercial Card Changes April 2007 (Non-T&E Merchants)
Fee Program | Purchasing Current | Purchasing New | Business Current | Business New | Corporate Current | Corporate New
Standard | 2.70% + $0.10 | 2.70% + $0.10 | 2.70% + $0.10 | 2.70% + $0.10 | 2.70% + $0.10 | 2.70% + $0.10
Electronic | 2.20% + $0.10 | 2.45% + $0.10 | 2.20% + $0.10 | 2.40% + $0.10 | 2.20% + $0.10 | 2.20% + $0.10
CNP | N/A | 2.40% + $0.10 | N/A | 2.25% + $0.10 | N/A | 2.20% + $0.10
Retail | N/A | 2.20% + $0.10 | N/A | 2.20% + $0.10 | N/A | 2.20% + $0.10
B2B | N/A | 2.10% + $0.10 | N/A | 2.10% + $0.10 | N/A | 2.10% + $0.10
Level 2 | 2.00% + $0.10 | 2.00% + $0.10 | 2.00% + $0.10 | 2.00% + $0.10 | 1.90% + $0.10 | 2.00% + $0.10
Level 3 | 1.70% + $0.10 | 1.80% + $0.10 | N/A | N/A | N/A | N/A
NOTE – Increases in Electronic, Level II and Level III (called out on the slide: .20, .25, .10, .10)
• Visa Business, Corporate, and Purchasing transactions that are CPS qualified, however do not meet Level 2 data requirements, will no longer receive the Commercial Electronic rates.
• These transactions will be eligible for the new Commercial Card CNP, Commercial Card Retail, or Commercial Card B2B rates.
• Fleet Purchasing card fuel transactions will now be eligible for the new Purchasing Retail rate under certain conditions.
• These changes to the Commercial card interchange fee structure should benefit a number of tax-exempt merchants currently receiving the Commercial Electronic rates.
Sample Transaction Costs: Interchange Expense
Visa Purchasing Card: $500 transaction
Purchasing B2B Rate (Level I): $10.60
Purchasing Level II Rate: $10.10
Purchasing Level III Rate: $9.10
14% reduction in cost by processing Level III versus Level I data
MasterCard Purchasing Card: $500 transaction
Purchasing Data Rate I (Level I): $13.35
Purchasing Data Rate II (Level II): $11.75
Purchasing Data Rate III (Level III): $8.75
34% reduction in cost by processing Level III versus Level I data
Case Study
• Visa: 15% Purchasing, 16% Corporate, 69% Business
• MasterCard: 11% Purchasing, 89% Corporate/Business
• Merchant does Level I, but not Level II or III
Visa Commercial Card
• $10,000,000 sales
• 100,000 transactions
• $100 average ticket
MasterCard Commercial Card
• $7,500,000 sales
• 75,000 transactions
• $100 average ticket
Level III Incentive Interchange Rates
Visa Commercial Cards
• Corporate/Business Level II – 2.00% + $.10
• Purchasing Level III – 1.80% + $.10
MasterCard Commercial Cards
• Corporate/Business Data Rate III – 1.75%
• Purchasing Data Rate III – 1.75%
Category | Visa Fees | MC Fees
MC Purchasing (Data Rate I: 2.65% + $.10) | | $22,688
Visa Purchasing (Purchasing Retail: 2.20% + $.10) | $34,500 |
Visa Corporate (Corporate Retail: 2.20% + $.10) | $36,800 |
V/MC Business (Business Retail/Data Rate I) (Visa: 2.20% + $.10, MC: 2.65% + $.10) | $158,700 | $183,563
TOTAL | $230,000 | $206,250
Current Effective Interchange | 2.30% | 2.75%
*Optimal Effective Interchange | 2.07% | 1.75%
Interchange Improvement % | 0.23% | 1.00%
Interchange Savings = $98,000
Why Upgrade to Level III Support?
• Retain current customers requiring Level III detail
– Fortune 500 companies
– Government
– Universities
• Gain new customers with competitive edge
• Realize interchange savings opportunity
– For MasterCard, Data Rate III (Level III) interchange is 58 basis points lower than Data Rate II (Level II) interchange and up to 90 basis points lower than Data Rate I (Level I) interchange!
• Significant interchange savings opportunity available on Large Ticket commercial card transactions greater than $4,105 (Visa) & $7,272 (MasterCard)
Purchasing Card Usage: Buyer Benefits
Streamlines the Purchasing Power
Eliminates Paperwork
Reduces Costs
Increases Employee Productivity
Provides Automated Controls
Offers Customized Reporting
Card Acceptance: Supplier Benefits
Increased Sales Volume
Improved Cash Flow
Fewer Credit Approvals and Collection Activities
Increased Productivity
New Sales Channel
Less Paperwork to Process
Customer Acquisition and Retention
Reduced Costs
Enhanced Competitive Position
Improved Customer Service
Common myths to dispel...
There are misperceptions and misunderstandings about Level III enhanced line item detail information for Commercial Cards...
• Level-3 is hard for a supplier to implement
• It’s expensive - the supplier will have to pay more to the banks and will just pass the cost along to buyer
• Level-3 requires significant volumes to be worthwhile
• The supplier has to write an interface directly to the processing bank OR, the related...
• The supplier has to purchase expensive software in order to provide Level-3 data
• The supplier only has limited need for this...
Historically, there was some truth to these generalizations.
For the last several years they have not been accurate and yet their persistence holds back many organizations from participating with enhanced data.
Credit Card Fees:
What are you really paying ????????????
Effective Rate Calculations
Per Item Effective Rate:
• To convert a Per Item Fee into a %…
1) Take the total Per Item Fee and divide it by the Average Ticket
2) Multiply the result by 100
• This will assist in determining the effective rate for a transaction or converting from a “rate + transaction fee” model to a “rate only” model
Example 1:
Discount Rate: 1.95% + $0.25
Average Ticket: $75
Effective Rate:
$0.25/$75 X 100 = .33%
1.95% + .33% = 2.28%
Effective Rate 2.28%
Example 2:
Discount Rate: 1.95% + $0.25
Auth Fee: $0.20
Average Ticket: $75
Effective Rate:
$0.45/$75 X 100 = .60%
1.95% + .60% = 2.55%
Effective Rate 2.70%
What is Padding?
Transaction type | Processor A | Processor B (re-seller/ ISO)
Swiped Transaction | 1.75% | 1.55%
Keyed Transaction | .31% | .61%
Total | 2.06% | 2.16%
.30% Pad
Transaction type | Processor A | Processor B (re-seller/ ISO)
Swiped Transaction | 1.75% | 1.55%
EIRF Transaction | .76% | 1.20%
Total | 2.51% | 2.75%
.44% Pad
• Some processors do not charge interchange fees as “pass through”, meaning that in addition to paying the surcharge on a downgraded transaction, they mark-up or “pad” the surcharge
• Be on the look out for “hidden” or “padded” fees on your processing statement
Statements
From Best to Worst
Sometimes things are not as they appear
Best
This one requires a little work. It does not show the downgrade rate, only the base rate; however, it gives all the information needed to calculate your rate as well as manage your Interchange. While it is not misleading, it could be improved by giving the downgrade rates as long as partial rates are not located in several places. This one is an overall favorite for the novice (98% fall into the novice category). We call this one a “Factual Statement” while it could give more facts, it does give all the necessary information without becoming the dangerous “Lawyer’s Statement”.
The transaction volume is $10.00; the adjustment amount, .11, is the surcharge from MC and passed on to the merchant. To calculate your percentage, divide the fee by the transaction volume: 0.11 divided by 10.00. This shows the merchant the percentage they are paying for the Data Rate I downgrade: .11%
Best
Like the best statement, it shows the number and volume of transactions, which is crucial in managing your cost as well as your Interchange. What’s very dangerous is that, at first glance, it looks like the merchant is only paying 1.95% + a ten cent transaction fee. After further review, the merchant is also paying a sales discount of .002200 as well as a Dues and Assessment fee of .000950 (on second page of statement, not shown). Not counting the transaction fee can be a crucial oversight. The effective rate of 2.27% versus 1.95% is very misleading. This one is nicknamed the “Lawyer’s Statement” because they data dump to the point you can’t find the truth buried in the pile of evidence. This one is a favorite for those highly skilled in Interchange.
Good
This one is nicknamed the “Political Statement”. It says a lot while saying nothing. It shows a ton of data while leaving out one key element - the downgrade transaction volume. With this missing you have no way to calculate your rate. Yes, it shows the base (contract) rate, which is usually a lowball rate. Seeing how it is the only rate disclosed, they typically give you a very low rate while making up their losses (and a whole lot more) in the non-disclosed rates on the downgrades (which usually make up the bulk of the merchant’s transactions).
Transaction Volume
Bad
This statement shows your rate but does not show the Interchange category (QUAL, MID-QUAL and NON-QUAL are not Interchange categories). In other words, you know how much you’re paying; you just don’t know for what. This is especially dangerous because you have no knowledge of how your transactions are qualifying (keeping in mind that Interchange makes up 92% of your cost). You cannot improve when you don’t know what’s wrong. We call this the “No Comment Statement” because it tells you nothing.
Worst
Commercial Card Compliance
Merchants and processors have historically “enhanced” some of the commercial card data to obtain better rates
The networks have the ability to edit on certain fields such as Customer Code, Sales Tax Indicator, Sales Tax Amount and Line Item Data
The networks have begun active compliance efforts to ensure the integrity and validity of the data
Merchants must ensure that data submitted is valid and accurate.
Manage Your Cost of Acceptance!
Many processors will surcharge or “pad” downgraded transactions and charge you higher fees!
Many processors do not have Level III solutions!
Keep an eye on your rates and fees and ensure your locations are properly configured on your processor’s system!
Watch for hidden or padded fees in your processing proposals.
Ensure you take advantage of the best interchange rates by processing Level III data.
Review your merchant statements!
Convenience Fees: Rules of Engagement
Convenience Fee Definition
Charged for a bona fide convenience in the form of an alternative payment channel outside the merchant’s customary payment channels.
— Example: A face-to-face merchant allows customers the convenience of paying by phone or Internet.
Disclosed to the cardholder as a charge for the alternative payment channel convenience.
— The fee must not be disclosed as a processing fee or fee to cover merchant costs associated with card acceptance.
Added only to a non face-to-face transaction.
— Merchants who only operate exclusively in a MO/TO or Internet environment may not assess a convenience fee, as there is not an added convenience to pay through the current payment channel.
General Visa rules as they tend to be the strictest
Convenience Fee Definition (cont.)
Added as a flat or fixed amount, regardless of the value of the payment due.
— The fee may not be assessed as a percentage of the transaction amount.
— There are certain exceptions to this rule for specific pilots in specific industries (e.g. tax, government, schools)
Applicable to all forms of payment accepted in the alternative payment channel.
— The fee may not be assessed only to customers paying by debit or credit card through the alternative payment channel, but rather to any kind of payment accepted through that channel.
Disclosed prior to the completion of the transaction and the cardholder is given the opportunity to cancel.
Included as part of the total transaction amount, with the exception of certain industries like utilities and tax pilot
General Visa rules as they tend to be the strictest
Convenience Fee Usage
Regulated Industries
— Typically Utilities, not allowed to pass the cost of Interchange through normal costing methodologies
— Convenience Fee often broken out separately
Un-Regulated Industries
— Typically government, education, or other businesses who offer a non-traditional payment channel
— Typical alternative channels include IVR, Website, etc.
Taxing Authorities
— The networks have created special “pilot” programs for tax payments that allow percentage based convenience fees
Risk and PCI
Payment Card Industry Standards… What Is It?
Types of Risk
Systemic Risk
— Primarily Risk associated with large scale data breaches
— Increasingly sensitive due to PR impact and potential for civil litigation
— Often associated with organized crime and sophisticated IT “break ins”
— PCI (Payment Card Industry Data Security Standards) meant to address major challenges
Operational Risk
— Normal fraud risk associated with individual transactions
— Can often be prevented by operational best practices
PCI – Merchant Levels
Merchant Level 1
— Any merchant processing 6,000,000 Visa or MasterCard transactions per year, or identified by another card brand as Level 1, or compromised in the last year
Merchant Level 2
— Any merchant processing 1 million to 6 million Visa or MC transactions per year
Merchant Level 3
— Any merchant processing 20,000 to 1 million Visa or MC E-Commerce transactions per year
Merchant Level 4
— Any merchant processing less than 20,000 Visa or MC E-Commerce transactions per year, and all other merchants processing up to 1 million Visa transactions per year.
PCI Compliance: Merchant Compliance Validation
Level | Validation Actions | Scope | Validated By
1 | Annual On-Site Security Audit | Authorization and Settlement Systems | Independent Assessor or internal auditor if signed by officer of company
1 | Quarterly Network Scans | Internet facing perimeter systems | Qualified Independent Scan Vendor
2 and 3 | Annual Self-Assessment Questionnaire | Any systems storing, processing, or transmitting cardholder data | Merchant
2 and 3 | Quarterly Network Scan | Internet-facing perimeter systems | Qualified Independent Scan Vendor
4 | Annual Self-Assessment Questionnaire Recommended | Any systems storing, processing, or transmitting cardholder data | Merchant
4 | Network Scan Recommended | Internet facing perimeter systems | Qualified Independent Scan Vendor
Key PCI Considerations
Do not store magnetic-stripe data after transaction authorization
— Merchants must not retain full-track magnetic-stripe data on any of their systems once a transaction has been authorized.
— Per PCI DSS requirements, merchants can retain only cardholder names, account numbers, and expiration dates.
Do not store PIN blocks after transaction authorization
— Merchants should examine all transaction journals and logs to verify that their payment systems do not retain PIN block data – even if it is encrypted – after transaction authorization.
Avoid CVV2 Storage
— When requesting cardholder CVV2 online or in mail order/telephone orders, merchants should not document this information on paper or store it in their databases after transaction authorization.
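An added example (not part of the original presentation) of the journal and log review these storage rules call for: it scans log lines for full-track magnetic-stripe data, PIN blocks and stored CVV2 values, and reports hits with the account number masked. The field names `cvv2` and `pin_block` and all sample lines are constructed assumptions.

```python
import re

# Track 1 (format B): %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
TRACK1 = re.compile(r"%B(\d{12,19})\^[^^]{2,26}\^\d{7}[^?]*\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK2 = re.compile(r";(\d{12,19})=\d{7}\d*\?")
# A field named cvv/cvv2/cvc/cvc2 that carries a 3-4 digit value (assumed naming).
CVV_FIELD = re.compile(r"\b(?:cvv2?|cvc2?)\b\W{0,4}(\d{3,4})\b", re.I)
# A field named pin_block/pinblock that carries 16 hex characters (assumed naming).
PIN_BLOCK = re.compile(r"\bpin[_ -]?block\b\W{0,4}([0-9A-F]{16})\b", re.I)


def luhn_ok(pan: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits so the report holds no full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_line(line: str):
    """Return (kind, masked value) for each prohibited item found in one line."""
    findings = []
    for kind, rx in (("track1", TRACK1), ("track2", TRACK2)):
        for m in rx.finditer(line):
            if luhn_ok(m.group(1)):
                findings.append((kind, mask_pan(m.group(1))))
    if PIN_BLOCK.search(line):
        findings.append(("pin_block", "<redacted>"))
    if CVV_FIELD.search(line):
        findings.append(("cvv2", "<redacted>"))
    return findings


def scan(lines):
    """Return (line number, kind, masked value) for every finding."""
    report = []
    for number, line in enumerate(lines, 1):
        for kind, shown in scan_line(line):
            report.append((number, kind, shown))
    return report


# Constructed sample log; 4111111111111111 is a widely used test number.
SAMPLE_LOG = [
    "10:02:11 AUTH OK pan=411111******1111 exp=0912 name=JANE DOE amt=75.00",
    "10:02:11 DEBUG swipe raw=%B4111111111111111^DOE/JANE^0912101000000000000?",
    "10:02:12 DEBUG swipe raw=;4111111111111111=09121010000000000?",
    "10:05:40 MOTO order=1001 cvv2=123 avs=Y",
    "10:06:02 PINPAD pin_block=1A2B3C4D5E6F7089",
    "10:06:30 AUTH OK cvv2_result=M avs=Y",
]

if __name__ == "__main__":
    for number, kind, shown in scan(SAMPLE_LOG):
        print(f"line {number}: {kind} {shown}")
```

Lines 1 and 6 of the sample pass because a masked account number, expiration date, cardholder name and a CVV2 match result are not among the items the slide prohibits retaining.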
Key PCI Considerations (cont.)
Guard against SQL injection attacks caused by insecure shopping carts (primarily an E-Commerce phenomenon)
— Test SQL vulnerability using automated tools or manual techniques
— Ensure that all payment applications were developed using secure coding practices that included independent code reviews
— Validate that all merchant payment software includes all applicable up-to-date security patches
Protect against remote access vulnerabilities
— Implement a policy prohibiting group-shared passwords
— Determine from your software vendor how to securely configure your payment application.
Never use vendor-supplied defaults
— Visa encourages merchants to change vendor-supplied defaults – remove or disable features, set specific parameters, etc. – before installing payment application systems in your networks.
Fraud Protection
Best Practices for Merchant
(Card Present)
Quick Steps to Card Acceptance
1. Check the card security features.
• Hologram, matching 4 digits under embossed 4 digits, CVV2 value, etc.
• Make sure that the card has not been altered.
2. Swipe the stripe.
• Swipe the card through the terminal in one direction only to obtain authorization.
3. Check the authorization response.
• Take appropriate action for the specific response:
Approved: Ask the customer to sign the sales receipt
Declined: Return the card to customer and ask for another Visa card
Call or Call Center: Call your voice authorization center and tell the operator that you have a “Call” or “Call Center” response. Follow the operator instructions.
Note: In most cases, a “Call” or “Call Center” message just means the card Issuer needs some additional information before the transaction can be approved.
Pick Up: Keep the card if you can do so peacefully
No Match: Swipe the card and re-key the last four digits. If “no match” response appears again, keep the card if you can do so peacefully. Request a Code 10 authorization.
Quick Steps to Card Acceptance (cont.)
4. Match the numbers.
– Check the embossed number on the card against the four digits of the account number displayed on the terminal.
5. Request a signature.
– Have the cardholder sign the transaction receipt.
6. Check the signature.
– Be sure that the signature on the card matches the one on the transaction receipt.
If you suspect fraud, immediately make a Code 10 call to your voice authorization center.
Fraud Protection
Best Practices for Merchant
(Card Not-Present)
CNP Payment Acceptance
Take these steps to accept Card Not Present payments:
— Obtain an authorization
— Verify the card’s legitimacy:
– Ask the customer for the card expiration date, and include it in your authorization request. An invalid or missing expiration date might indicate that the customer does not have the actual card in hand.
– Use fraud prevention tools such as Address Verification Services (AVS), Card Verification Value 2 (CVV2)
— Look for general warning signs of fraud
— If you receive an authorization, but still suspect fraud:
– Ask for additional information during the transaction (e.g., request the financial institution name on the front of the card)
– Contact the cardholder with any questions
– Confirm the order separately by sending a note via the customer’s billing address rather than the “ship to” address.
12 Potential Signs of CNP Fraud
Keep your eyes open for the following indicators!
When more than one is true during a card-not-present transaction, fraud might be involved.
1. First-time shopper: Criminals are always looking for new victims.
2. Larger-than-normal orders: Because stolen cards or account numbers have a limited life span, crooks need to maximize the size of their purchase.
3. Orders that include several of the same item: Having multiples of the same item increases a criminal’s profit.
4. Orders made up of “big-ticket” items: These items have maximum resale value and therefore maximum profit potential.
5. “Rush” or “overnight” shipping: Crooks want these fraudulently obtained items as soon as possible for the quickest possible resale, and aren’t concerned about extra delivery charges.
6. Shipping to an international address: A significant number of fraudulent transactions are shipped to fraudulent cardholders outside of the U.S. Visa AVS can’t validate non-U.S. addresses, except in Canada and the United Kingdom.
12 Potential Signs of CNP Fraud (cont.)
7. Transactions with similar account numbers: Particularly useful if the account numbers used have been generated using software available on the internet (e.g., CreditMaster)
8. Shipping to a single address, but transactions placed on multiple cards: Could involve an account number generated using special software, or even a batch of stolen cards.
9. Multiple transactions on one card over a very short period of time: Could be an attempt to “run a card” until the account is closed.
10. Multiple transactions on one card or a similar card with a single billing address, but multiple shipping addresses: Could represent organized activity, rather than one individual at work.
11. In online transactions, multiple cards used from a single IP (Internet Protocol) address: More than one or two cards could definitely indicate a fraud scheme.
12. Orders from Internet addresses that make use of free e-mail services: These e-mail services involve no billing relationships, and often neither an audit trail nor verification that a legitimate cardholder has opened the account.
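The "more than one sign" rule above can be run as an order-screening check. This added example (not part of the original presentation) evaluates signs 5, 6, 8, 9, 11 and 12 over a batch of orders and queues those showing more than one. The order fields, the three-orders-in-ten-minutes threshold for sign 9, the free e-mail domain list and all sample orders are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FREE_MAIL = {"freemail.example", "webmail.example"}  # constructed list (assumption)
BURST_COUNT = 3                       # assumed threshold for sign 9
BURST_WINDOW = timedelta(minutes=10)  # assumed "very short period" for sign 9
MAX_CARDS_PER_IP = 2                  # sign 11: "more than one or two cards"


def in_burst(ts, times):
    """True if ts lies in a window of BURST_WINDOW holding >= BURST_COUNT orders."""
    times = sorted(times)
    for i, start in enumerate(times):
        window = [t for t in times[i:] if t - start <= BURST_WINDOW]
        if len(window) >= BURST_COUNT and start <= ts <= window[-1]:
            return True
    return False


def signs_for_orders(orders):
    """Map order id -> set of sign numbers (from the 12-sign list) that apply."""
    cards_by_ship = defaultdict(set)
    cards_by_ip = defaultdict(set)
    times_by_card = defaultdict(list)
    for o in orders:
        cards_by_ship[o["ship_to"]].add(o["card"])
        cards_by_ip[o["ip"]].add(o["card"])
        times_by_card[o["card"]].append(o["ts"])

    result = {}
    for o in orders:
        signs = set()
        if o["shipping"] in ("rush", "overnight"):
            signs.add(5)
        if o["country"] != "US":
            signs.add(6)
        if len(cards_by_ship[o["ship_to"]]) > 1:
            signs.add(8)
        if in_burst(o["ts"], times_by_card[o["card"]]):
            signs.add(9)
        if len(cards_by_ip[o["ip"]]) > MAX_CARDS_PER_IP:
            signs.add(11)
        if o["email"].rsplit("@", 1)[-1].lower() in FREE_MAIL:
            signs.add(12)
        result[o["id"]] = signs
    return result


def review_queue(orders):
    """Order ids where more than one sign is true, as the slide advises."""
    return sorted(oid for oid, s in signs_for_orders(orders).items() if len(s) > 1)


def order(oid, hhmm, card, ip, ship_to, email, shipping="ground", country="US"):
    """Build one constructed order; 'card' is a token, never a stored PAN."""
    h, m = map(int, hhmm.split(":"))
    return {"id": oid, "ts": datetime(2007, 9, 14, h, m), "card": card, "ip": ip,
            "ship_to": ship_to, "email": email, "shipping": shipping,
            "country": country}


# Constructed sample orders (documentation IP ranges, example domains).
SAMPLE_ORDERS = [
    order(1001, "10:00", "tok_A", "203.0.113.7", "12 Elm St, Dayton OH", "a@corp.example"),
    order(1002, "10:05", "tok_B", "198.51.100.9", "PO Box 9, Miami FL", "x1@freemail.example", "overnight"),
    order(1003, "10:07", "tok_C", "198.51.100.9", "PO Box 9, Miami FL", "x2@freemail.example", "overnight"),
    order(1004, "10:09", "tok_D", "198.51.100.9", "PO Box 9, Miami FL", "x3@freemail.example", "overnight"),
    order(1005, "11:00", "tok_E", "203.0.113.50", "77 Oak Ave, Columbus OH", "buyer@webmail.example"),
    order(1006, "12:00", "tok_F", "203.0.113.80", "5 Pine Rd, Toledo OH", "f@corp.example"),
    order(1007, "12:03", "tok_F", "203.0.113.80", "5 Pine Rd, Toledo OH", "f@corp.example"),
    order(1008, "12:06", "tok_F", "203.0.113.80", "5 Pine Rd, Toledo OH", "f@corp.example"),
]

if __name__ == "__main__":
    all_signs = signs_for_orders(SAMPLE_ORDERS)
    for oid in review_queue(SAMPLE_ORDERS):
        print(oid, sorted(all_signs[oid]))
```

Orders 1005 and 1006 to 1008 each show a single sign and stay out of the queue, which keeps a lone free e-mail address or a repeat buyer from triggering review by itself.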
Handling Key-Entered Transactions
If a card cannot be swiped, you must key-enter the card account data into your POS terminal…
When you key-enter a transaction, you run the risk of accepting a counterfeit card because the magnetic stripe information is unavailable.
1. Check the terminal. Be sure your terminal is working properly. If the terminal is okay and the problem appears to be with the magnetic stripe, continue to step 2.
2. Match the account number. Check to see that the embossed account number on the front of the card matches the number indent-printed on the back.
3. Check the expiration date. Look at the “good thru” or “valid thru” date to be sure the card hasn’t expired. If the card has a “valid from” date, be sure the card isn’t being used before it is valid.
4. Make an imprint. Get a manual imprint of the card.
5. Get a signature. Ask the customer to sign the imprinted sales draft.
6. Check the signature. Be sure that the signature on the card matches the one on the sales draft. Do not accept an unsigned card.
You can also do a Zip Code check for additional protection. For Visa, if the Zip Code matches, it will also allow you to qualify for a lower interchange rate.
Choosing a Business Partner Versus a Processor
Find a partner that will help you manage the evolving payment landscape and “navigate the networks” for you!
Has expertise in the Business to Business market segment
Promotes Proactive Interchange Program
Shares Industry Best Practices
Supports Level II and Level III Data Transmission
The Evolution of Credit Cards in B2B Transactions Presented by:
Robert L. Day, AVP Commercial Interchange
1-800-884-0353