june 21, 2013 © 2013 wells fargo bank, n.a. all rights reserved. confidential. merchant services...
TRANSCRIPT
June 21, 2013
© 2013 Wells Fargo Bank, N.A. All rights reserved. Confidential.
Merchant Services –Best Practices and Industry Updates
Robert K. Gongwer Vice President Wholesale Merchant Sales Officer(813) 431-4654
2
Topics
I. Understanding & Managing Costs
II. PCI Compliance
III. Industry and Regulation Updates
III. Payment Trends & Payment Gateways
2
Understanding & Managing Costs
3
Interchange
A percentage fee applied, according to Visa/MasterCard regulations, to the dollar value of each transaction.
What is it?
The fee is paid by the acquirer to the issuer. This cost is then passed through to you.
Who Pays for
it?
4
Interchange85%
Assessments4%
Additional Fees2%
Processing 9%
InterchangeEquipment/ Software/
Gateway fees
Assessments & Access
Fees3rd party fees
Monthly service and statement
fees
Non Bank auth fees
Compliance fees
Downgrade fees
What do Merchants Pay?
Components of Merchant Pricing
5
What impacts interchange costs
Card Type
SystemConfiguration
MerchantCategory Code
PaymentChannel
6
Dodd-Frank Act (Durbin Bill)October 2011
Retailers vs. Big Banks (over 10B)– $35 Billion was up for grabs
Debit Interchange– Previously $0.44
– Proposed $0.12
– Settled 0.05% + $0.22
Went into effect October 1, 2011 Banks under $10B not affected Over $10B – issuing side of WF
– Fees paid for:
• Free Checking accounts
• Debit Rewards
• Customer Service for accounts
7
Interchange optimization
You are in control.
Best Practice
• Address Verification Service
• Settle batches on time
• Send correct processing flags
• B2B Line item details
• Review statements monthly and track for anomalies
• Be aware of Card Brand changes
• Periodic reviews with your acquirer
Why?
• Provides some risk mitigation and lower interchange rate
• Lower interchange rate, easier reconciliation
• Lower interchange rate, improves chargeback rights
• Lower interchange, data passes to Payer
• Quickly identifies process issues
• Spring/Fall releases often have systemic changes that impact interchange
• Confirms process optimization
8
Purchasing Cards - level 2 and 3 data
Did you know?
“Between 2005 and 2007, P-card spend in North America grew from $110 billion to $137 billion. The predicted purchasing card growth rate is 12% per year between 2007 and 2012 to reach $218 billion.”
Lower your processing costs on commercial cards by collecting Level 2 and 3 data.
The benefits of Purchasing cards (P-cards) are driving preference for level 2 and 3 data enabled merchants.
Source: 2007 Purchasing Card Benchmark Survey Results, RPMG Research Corporation
9
You SAVE Money
Review statements to
determine opportunities to qualify for better
interchange rates
Register with card associations
for large ticket programs
Educate on how to pass Level 2 &
3 data with transactions
Outcome = able to quantify the financial impact
10
What if you had a partner to assist?
Where is the opportunity?
11
You use commercial cards to pay vendors…do you accept them?
Do you accept transactions over $5k? • If so, are you on the Visa/MC Large Ticket
programs and passing Level 3 transaction data?
• If not, are you passing Level 3 transaction data?
Are you currently storing credit card #’s on your systems or anywhere in your offices?
Are you PCI compliant or challenged with compliance issues?
PCI Compliance
12
What is PCI DSS?
Payment Card Industry Data Security Standard (PCIDSS) A common set of industry tools and measurements to help
ensure the safe handling of sensitive information. Developed and managed by the PCI Security Standards
Council
Applies to all merchants and third party service providers that Store/Process/Transmit Card Holder Data Develop/ Sell Payment Applications
13
Typical Risk any Merchant Faces
Merchants must proactively deploy controls and processes to reduce overall risk exposure associated with bankcard acceptance.
RISK
ChargebackInternal
External
14
Compliance levelsCompliance classification level
Number and type of annual transactions
Annual submission of compliant PCIDSS Report on Compliance
Annual submission of PCIDSS Self Assessment Questionnaire
Quarterly network Scan
Level 1 More than 6Million Visa annual transactionsAll transaction types
Level 2(ROC or ISA)
1- 6Million Visa or MasterCard annual transactionsAll transaction types
Level 3 20K - 1Million annual Visa eCommerce transactions
Level 4 All other merchants
15
12 steps to information security
1 Install a working network firewall. 7Assign a unique ID to each person
with computer access.
2 Keep security patches up-to-date. 8Don’t use vendor supplied defaults
for system passwords.
3 Encrypt stored data. 9Track all user access to data by
unique ID.
4 Encrypt transmission of cardholder data across open networks. 10
Regularly test security systems
and processes.
5 Use and update anti-virus software programs. 11 Maintain a policy that addresses
security.
6 Restrict access to data by business need-to-know. 12
Restrict physical access to
cardholder information.
Use these resources to stay on top of data security issues:
• www.pcisecuritystandards.org
• pci.trustwave.com/wellsfargo
• Wells Fargo Merchant Connect: https://www.wellsfargo.com/biz/merchant/service/newsletters
• Merchant News Express
16
PCI: Remove sensitive payment information off of your system
17
COST OF NON COMPLIANCE : If a Level 3 merchant is found to be non-compliant they can be fined up
to $25,000 per month.
COST OF BREACH : Merchants bear the cost of all card replacements and
card holder notifications. Cost per
breached record: between $100 and
$300.
COST OF CUSTOMERS: The price of your
institution's damaged
reputation is difficult to quantify ...
COST OF NON COMPLIANCE
Industry and regulatory updates
18
Ongoing Changes for Payments Industry
19
• Debit card use for low-price purchases becoming more expensive
• Interchange rules causing discontinuation of rewards programs
•Merchant discounts used to build loyalty in lieu or rewards programs
• IRS backs down on reconciliation requirements
• New fees from the Payment Networks
• Interchange amendment debit rate cuts didn’t help consumers
• Prepaid card fees face scrutiny as prepaid card products proliferate
•Mobile and digital wallets in spotlight
• Google Wallets: Requires NFC and Android on phone
• Apple: preparing to enter payments arena?
Regulatory
New entrants into payments
Next steps• The settlement will not be complete until approved by the U.S. district court, expected mid
to late 2013.
• Outcome of the settlement is also unresolved because it has come into question due to public opposition coming from Wal-Mart, Target and trade groups representing the nation’s convenience stores and gas stations (NACS) and cooperative grocers (NCGA), among others.
Interchange Settlement: July 2012
20
Outcomes $6.6 billion cash payment to class
plaintiffs settlement escrow account
Lower credit interchange to 10 basis points (.10%) for 8 months
– Providing $1.2 billion to settlement escrow account
Merchants now permitted to surcharge transactions paid with credit
– Previously prohibited
Unintended consequences• Surcharges
– Percentage or flat rate?
– State laws (10) forbid surcharges
– POS impact – some equipment may not support surcharges
• Systems, operations impacts
• Consumer experience: Will they continue to use credit cards?
PayPal and Discover to engage in joint effort
21
Overview
• PayPal’s 50 million active U.S. customers will be able to potentially take advantage of Discover’s 7 million locations across the U.S. and international merchants in the future.
• This joint venture will create an alternative payment option for consumers at the point of sale.
Timing
• PayPal and Discover are expected to provide PayPal’s new rules and interchange pricing in Q4 2012 for changes anticipated to be implemented in the Q2 of 2013.
Customer impacts
• PayPal as a fifth payment network may require a number of changes for Wells Fargo Merchant Services and our customers.
• These may include legal changes to existing documents, system changes, additional Payment Networks processing updates and increased communication with merchants to explain the new requirements.
Discover and PayPal recently announced a plan to enable participating merchants to accept PayPal through their existing relationship with Discover.
Trends in purchase volume
22
Source: The Nilson Report, Issue 988, Feb. 2012
American Express® overtook MasterCard® to gain 2nd place among general purpose credit card brands in the U.S.
Discover® reached parity with Visa® and MasterCard in the number of U.S. card acceptance locations.
Visa debit cards and credit cards generated the most purchase volume in 2011 vs. all debit and credit products from the other brands.
Visa
• FANF: Fixed acquirer network fee
• Debit integrity fee• Changes to
interchange rates• Interlink switch fee
change & new interchange programs
• Qualification criteria changes
AMEX• New inbound fee
Discover• Increases assessment
fee• Changes to
interchange rates
Visa• Debit integrity fee
changes• Phase 1 of EMV
adoption• PIN authenticated Visa
debit
MasterCard• Different rates for U.S.
consumer debit and prepaid cards
Visa/MasterCard/ Discover• New interchange rates• Qualification (rules)
criteria changes
MasterCard
• Annual acquirer license fee /Third Party Processor (TPP) Type 3 implemented (Similar to Visa’s Fixed Acquirer Network Fee (FANF)
Visa• Payment network
adoption of EMV in the U.S.
EMV• Q2 2015: Liability shift
for non-fuel merchants
PayPal/Discover
Payment network changesMoving beyond traditional roles Visa acquired CyberSource, partners with Square through investment and counsel MasterCard partners with Google and Citigroup for mobile payments Networks replace lost revenue with mandated fees; issuer benefits diminish
23
October 2012 Fall release December 2012
April 2012Spring release
2013-2017
Check Wells Fargo Merchant Connect for payment network news updated each quarter.
Visit: www.wellsfargo.com/biz/merchant/service/newsletters to reference past issues.
EMV benefits for card present retail
BackgroundSeveral countries outside of the U.S. have made advancements in payment infrastructures and have strengthened fraud prevention.
Security threats indicate the need to enhance the U.S. payments infrastructure
EMV (Europay, MasterCard and Visa) is a standard for globally interoperable, secure payments, and its coming deployment in the U.S. represents a significant move towards an enhanced payment ecosystem
Merchant benefits of payment network EMV compliance
By supporting EMV, liability for charge-backs and costs of fraud at the point of sale will not shift to merchants once new payment network EMV rules go into effect
Enable more payments from international travelers using their EMV-enabled payment cards
What merchants must do
Install EMV-enabled chip terminals/devices in order to accept EMV-enabled cards
24
Impact of EMV on fraud in Canada
25
As EMV penetration at POS increased, counterfeit fraud significantly decreased.
Source: MasterCard Analysis, 2012 ** % face-to-face EMV penetration.
Prior to EMV migration, Canada noticed a spike in counterfeit fraud most likely due to migration of fraud from other countries.
EMV implementation timeline
26
Visa MasterCard Discover American Express
Oct 2013
Merchants may receive PCI validation relief upon adoption of EMV enabled chip terminals.• PCI relief if 75% of
transactions originate from chip terminals.
Same as Visa
April 2013
Acquirers and processors must support chip processing (certification required).
Same as Visa. Acquirers and processors must support chip processing.*
Same as Visa.
Oct 2013
Account data compromise (ADC) relief: Merchants receive 50% account data compromise (ADC) relief if 75% of transactions originate from EMV enabled chip terminals.
Merchants may receive PCI validation relief upon adoption of EMV enabled chip terminals
Oct 2015
Liability shifts to merchants from issuers if the fraud could have been prevented using chip technology.
Liability shift same as Visa.
Account data compromise (ADC) relief: Merchants receive 100% ADC relief if 95% of transactions originate from EMV enabled chip terminals.
Liability shift same as Visa.
Liability shift same as Visa.
2017 Expanded liability shift to include Automated Fuel Dispensers.
Same as Visa. Same as Visa. Same as Visa.
*Discover’s fraud shift will be based on the level of protection around transaction versus a percentage based transaction threshold.
Payment Trends and Payment Gateways
27
28
Source: Nilson, Federal Reserve, NACHA, ATM&Debit News, WF Analysis
Number of Transactions (billions)
Payment Landscape
Debit card
ACH
Stored value
Checks
Credit card
Roadmap to Success
29
Know your business
Leverage technology
Enable resources
Deploy model
Today Best
Manual
Low
Unknown
Automated
High
Managed
Resources
Visibility
Risk
30
POS System
Encrypted Transmission (SSL)
MerchantBuyer
API Hosted Order Pay
Page Virtual Terminal
Payment Gateway
Associations IssuingBank
Machine Readable
Files
Web-based Reports
ACH Network
RDFI
Payments
Compliance and
Risk Management
Subscription Services
Reconciliation
WF/ODFI
Processor
Web Store
Call Center
Payment Flow
VAR or Payment Gateway
Secure Storage (Tokenization)
INITIAL TRANSACTION
Payment Informat
ion Transmit
tedPayment
Information Processed through
Wells Fargo Payment Gateway®
If Auth=Y, Token
Created, Card
Number Stored in Secure Storage
Authorization Result & Token
Returned to
Merchant
Token stored
on Merchant System
Payment Token Transmi
ttedWells Fargo
Payment Gateway® matches Token to
credit card number and Processes
Token & Card
Number Stored in Secure
Storage
Authorization Result &
Token Returned to
Merchant
Token stored
on Merchant System
SUBSEQUENT TRANSACTIONS
31
Safely STORES sensitive payment information in a PCI compliant data center on our network and gets it off of yours.
Article by The Aberdeen Group
“Do not lose sight of the importance of quality. Selecting and enabling technology is more complicated than checking a box or finding the lowest-cost provider.”
32
Thank you
HELPFUL LINKS
www.visa.com/merchantsurcharging
PCI Security Standards Council - www.pcisecuritystandards.org
Interchange Clearing Matrix - www.wellsfargo.com/biz/creditinterchangeplus
Payment Network Pass-through Fee Schedule www.wellsfargo.com/biz/merchantpassthroughfees Visa Fixed Acquirer Network Fee (FANF) - www.wellsfargo.com/visanetworkfee
© 2013 Wells Fargo Bank, N.A. All rights reserved. 33