Payment Processing 101 Timelines & Deliverables PRESENTED BY Pg: 1 March 7, 2018 www.clearwaterpayments.com
Quick Agenda Credit/Debit Transactions Industry Definitions Transaction Process Cost/Pricing Components and Options Reducing Chargebacks Card Safety echeck/ach Transactions EBPP/Payment Channels Conclusion Why Electronic Payments/Cards/eChecks/EBPP? Payment trends Pg: 2
Credit/Debit Transaction Process - Definitions Merchant The organization accepting credit/debit payments for goods and services Acquirer/Payment Processor Registers merchant with the card networks, perform payment authorizations, reconciles and transmits settlement batches Payment Gateways Connects payment applications to Acquirers/ Payment Processors Card Associations (e.g., Visa/MasterCard) Entities that regulate card acceptance rules, sets interchange schedules Issuing Bank (Chase, Wells Fargo, Capital One, etc.) Financial institution that offers card association branded payment cards directly to consumers and extends line of credit to card holders Sponsor Bank Chartered bank that is a direct member of Visa and MasterCard, providing Acquirers access to these card networks Pg: 3
Credit/Debit Transaction Process CONSUMER MERCHANT PAYMENT PROCESSOR CARD ASSOCIATION ISSUING BANK 1. Consumer enters card data in merchant s payment system 2. Merchant sends card data to Payment Processor 3. Payment Processor verifies card/account and sends data to the Card Association (e.g. Visa, MasterCard, etc.) 4. Card Brand requests authorization from the issuing bank 7. Merchant receives funds for completed payments and updates appropriate systems 6. Payment Processor authorizes or declines the transaction; settles the transaction 5. Issuing Bank sends authorization or declination code through Card Brand back to the Payment Processor Pg: 4
Additional Terms Card Not Present/Card Present as the name implies, whether or not the consumer and physical card is present drives anti-fraud tool requirements and different interchange classifications MCC Merchant Category Code; defines the type of merchant (e.g., Utility) and further drives interchange schedules Basis Points (bps) used in pricing, 1/100 th of 1 percent Example: 20bps =.20% = 0.0020; 20bps on a $100 transaction = $0.20 Debit Card vs Credit Card Debit Cards/Pre-Paid Cards are typically tied to an account balance; Credit Cards are typically tied to a line of credit: Regulated Debit (e.g., Durbin) sets interchange on large bank Debit Cards; Non-regulated - % based interchange, includes prepaid PIN-Debit is on alternative/atm networks (e.g. STAR, NYCE) typically requiring a PIN; some PIN-less for certain merchant classes Pg: 5
Cost Components Interchange Amount paid to the issuing bank for processing transactions and risk of credit exposure to cardholders Largest component of cost for processors and merchants Set by card brands, charged to payment processors and paid to issuing banks Based on industry of merchant and card type (ex: risk and cardholder rewards) Interchange schedules are listed on Visa and MasterCard s site Dues and Assessments Fees paid to the card associations FANF Fees, Kilobyte Fees, Brand Fees, etc. Processor Fee Fee paid to the payment processor that manages the transaction - authorization or settlement fees Pg: 6
Additional Pricing Options from Payment Processors If you plan to absorb processing costs (aka, no cost to bill payer) Cost-Plus Model pass through of actual interchange and dues/assessments PLUS processor fees, typically in terms of $-cents per transaction and/or percentage basis point (BPS) on settled dollar value Discount Rate Model a percentage or a fixed cost per transaction that covers all the interchange, dues/assessments, and processor fees If you plan to pass some or all costs to the bill payer Convenience Fee fee per transaction to cover all processing and payment costs, typically fixed, percentage or tiered Hybrid Fee fee charged to bill payer that partially covers processing and payment costs Pg: 7
What is a Chargeback? Chargeback When a cardholder disputes a charge with their issuing bank which leads to a reverse of the payment and refund to the cardholder (withdrawn from merchant s account) After a Chargeback Reverse transaction path = Issuing bank recovers funds from the payment processor and the processor must recover chargebacks from the merchants who generate them Often received weeks or months after the original payment and, therefore, can be difficult to recover funds Processor/Merchant can dispute a chargeback by providing proof of authorization, delivery of goods, etc. and re-submit Pg: 8
Minimizing Chargeback Risk Fraud Protection Card Associations add anti-fraud measures such as Address Verification Services (AVS) street number or zip code where cardholder statement is mailed; CVV code the 3 digit code on the back of your card (not included in mag-stipe data or EMV Chip so card must be in hand ) Payment Processors monitor and research chargebacks Merchants should have additional steps for verifying the user or account holder in real-time Managing Disputes/Chargebacks Establish processes to manage chargebacks Create documentation and sufficient reporting Merchants should take appropriate measures with bill payer Pg: 9
Credit Card Safety Card Brand Rules Card Associations (Visa, MasterCard, AMEX, Discover) publish and regularly update operating regulations and card acceptance policies and procedures. Payment processors, merchants and their users must follow these rules. Payment Card Industry Data Security Standard (PCI DSS) PCI DSS is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. Requirements are set by the Payment Card Industry Security Standards Council (PCI SSC) Pg: 10
PCI DSS Continued PCI DSS has varying levels of requirements based on volume of card activity, if you store cardholder data and the types of transactions that are processed Merchants must be PCI DSS compliant, while Payment Processors require annual security audits and quarterly vulnerability scans to maintain status as a Level 1 PCI DSS-Compliant Service Provider Self-Assessment Questionnaires (SAQ) are required for any entity that accept card payments. The level of questionnaire complexity and any required external assessors and vulnerability scans are driven by how your systems and processes handle cardholder data. Typically, a merchant that uses a third party payment processor to capture and process cardholder data is only required to submit an SAQ-A. This is an assessment statement jointly completed by the merchant and processor for examination in their audit process. Pg: 11
PCI FAQS What is a Vulnerability Scan? Quarterly system and network scan performed by a third party that looks for external access vulnerability and validates security standards. Do organizations using a 3 rd party payment provider have to be PCI-DSS compliant? Yes. Any organization that accepts card payments is subject to PCI compliance. However, the level of requirements varies based on how you interface with your processor. What is Cardholder Data (CHD)? CHD is the full 16-digit Primary Account Number (PAN); or the PAN, cardholder name, expiration date, service code. Can I store cardholder data? The requirement to store cardholder data is usually driven by recurring payments. We highly advise against storing cardholder PAN data (on-site audits and scans required). We recommend using a third party to tokenize and vault store the token for recurring and wallet credentials. Visit www.pcisecuritystandards.org for more details. Pg: 12
echecks/ach Transactions EFT Electronic Funds Transfer echeck Electronic Check ACH Automated Clearing House NACHA National Automated Clearing House Association ACH Standard Entry Class Codes: The ACH systems uses SEC codes to define the type of transaction and the associated processing and authorization rules. Common SEC for bill payment: PPD Preauthorized Payments and Deposits most common transaction type for recurring bill payment or direct deposit of payroll TEL Telephone Initiated Payments WEB Internet Initiated Payments Pg: 13
echecks/ach Transactions ACH/eCheck Transactions are a very cost effective method to settle bill payments, however, unlike card-based transactions, there is not a real-time authorization system. Preventing ACH Returns ACH is batch settled without authorization so subject to NSF, Account Closed or Account Not Found Returns utilize processor verification services to reduce administrative errors Similar to credit card precautions, make sure to verify users and accounts as much as possible Have sufficient reporting tools in place to avoid settlement and reconciliation issues If multiple ACH returns occur, consider blocking payment methods or bill payers from paying with ACH Pg: 14
ACH Transaction Process ACH Operators The Federal Reserve and The [NY] Clearing House ACH Network is based on a system of warranties between the ODFI, RDFI and Operator. ODFI Originating Depository Financial Institution RDFI Receiving Depository Financial Institution NACHA Rules directly apply to these participants. Enforcement is focused on the ODFI and RDFI. Originator Originator s Agent Third Party Agent facilitating the payment processing Company with the relationship with the end-user Receiver authorizes Originator to debit their account single entry, recurring, implied (check conversion), etc. Receiver Individual or business entity that is authorizing payment ODFI s extend these network rules to Originators and Third Parties via contractual agreement. Regulation E is also extended to the Originator, regarding compliance.
Key Trends in Electronic Billing and Payment (EBPP) Continued demand for self-service options has driven electronic billing and payments into the mass adoption stage Continued adoption of e-commerce married with development in mobile wallets and payment apps are driving electronic payments Mobile and Tablet usage 77% of mobile phones are smartphones; over 50% of your customers are likely viewing your bill or making a payment on a 3 x 4 smartphone screen Regulations typically drive complexity of billing statements while consumers prefer summary statements and actionable notices (like the ability to make or schedule a payment quickly) Pg: 16
Payment Channels Online/Web IVR/Phone Payments Automated or Agent Mobile Mobile Website Native Apps Kiosk POS/Card Present Pg: 17
Conclusion Why is this important? Why Electronic Payments? Reduced operating costs associated with handling of cash and paper checks; faster payments, faster funding and improved reporting WhyCredit/Debit Cards? Becoming the preferred method of consumers through technology advancement (ewallets, PayPal, Apple Pay = EASY!) Why echeck/ach Payments? Significantly more affordable and beneficial to your organization than credit cards or physical checks Why EBPP? Offer electronic payment and presentment channels to speed up settlement and allow self service; opportunity to turn off paper statements and reduce costs 25% higher satisfaction; 50% reduction in document and delivery costs Pg: 18
Payment Trends ACH and Debit Cards Card-Not-Present transactions represented 44% of card payments last year Over the last year Bank Bill Payment declined by 1.4% while Biller Direct payments increased by 2.5% Average household has 2.3 credit cards; 76.1% revolve a balance (average outstanding is $3k) ACH volumes continue to grow since 2010, TEL transactions are up 43%; WEB are up 81% (4.6b) and PPD-DR are up 31% Pg: 19
Thank you!! Increased Customer Convenience Customers can make payments when and how they want Faster Funding Our solution shortens your receivables time-frame & consolidates all payment channels in one simple daily deposit Flexible Pricing Convenience fee, flat rate, costplus, or hybrid model Speedy Implementation Start collecting payments quickly with our streamlined, fast implementation process that eliminates lengthy project queues www.clearwaterpayments.com Enhanced Security Fully-PCI certified solution that employs leading edge security including encryption, tokenization, & state-of-the-art fraud detection tools Pg: 20