The recession and heightened consumer anxiety over online security have changed the way retailers look at payment acceptance and what they need from transaction processors
Change is a constant in e-commerce, and that’s certainly true when it comes to the best ways for online retailers to accept payment.
Developments outside of online retailing have had big impacts on how consumers think about online payments. The recession has left many consumers with maxed-out credit cards looking for alternative ways to pay, while highly publicized data breaches have added to consumers’ concerns about typing card numbers into retail sites.
“Consumers are saying they want alternative payment options to credit cards for shopping online that offer them more flexibility when it comes to paying the bill because the credit crunch has reduced the limit on their credit card or they have suffered a financial setback due to the recession,” says Bill Roese, a senior vice president for payment service provider ClearCommerce/Certegy. “But they have to be secure.”
And there are changes from the retailer side, too. For example, more North American e-retailers are shipping to consumers in other parts of the world, raising a host of new issues related to payment acceptance.
On all these topics—alternative payments, security and global reach—payment processors have developed expertise that can help online retailers achieve their goals. And processors also can help cut operational expenses, one goal that is constant for online retailers.
Finding the right processor requires online retailers to understand the issues and the latest offerings from payment service providers.
Security
One issue of growing concern to Internet merchants is how to comply with the ever-changing and increasingly strict payment security standards from Visa U.S.A., MasterCard Worldwide and other major card companies that have joined forces to mandate retailer compliance with the Payment Card Industry Data Security Standard, or PCI. The PCI standard includes requirements for security management, policies, procedures, network architecture, software design and other protective measures.
As part of these requirements, larger retailers and processors must undergo regular security audits. As a result, compliance is not a one-time expense, which is why an increasing number of retailers are looking to outsource storage of their customers’ transaction data to their processor. By doing so, retailers can lower their compliance costs, since it is the processor that undergoes the security audits for data storage.
At the same time, small and mid-sized retailers are turning to processors for more security tools to upgrade their web sites and the back-office infrastructure through which transaction data passes. The reasons are twofold. First, the card companies’ PCI security mandates that now apply only to the largest retailers are expected to filter downstream soon to smaller merchants. Second, most retailers do not want to risk a potential breach anywhere in their business and suffer the negative publicity that would follow.
A major worry is that hackers might find their way into a retailer’s payment platform as customer account information is in transit between databases, possibly through indirect paths, such as through vendors with which the retailer does business. A vendor may unwittingly open a hole in its network through the addition of an application, for instance, or by adding another page to a web site or entering a new employee access code.
“Security is the big stick right now for processors,” says James Bullard, group manager, product development, for transaction processor Chase Paymentech. “Retailers want to be sure they have no holes anywhere in their platform that hackers can exploit. It’s an expensive undertaking, which is why they are looking to processors to help them navigate security issues and reduce associated costs.”
New ways to pay
Retailers also are looking to processors for help in providing alternative payment methods to offer customers.
Between the recession and the credit crunch hitting consumers, many e-retailers of more expensive goods are seeing credit card volume go down and more shoppers requesting alternative payment options with more flexible payment terms, according to Bala Janakiraman, principal product manager for processor Litle & Co.
“We have one retailer that added BillMeLater as a private-label product in November 2008 because of the flexible payment options it offers consumers, such as 90 days no interest, and by February 2009 it was the second-ranked method of payment based on transaction volume,” he says.
“Retailers have to think more about adding payments that match the needs of new and existing customers if they want to boost sales in this economy,” Janakiraman continues. “Flexible payment options deliver more control to the retailer to offer incentives that can grow their business.”
This is particularly important for e-retailers that are expanding globally. They are discovering that many shoppers in other countries prefer alternative payment options that have a local flavor, such as allowing a shopper to pay for the purchase in cash at a local bank that is part of a processor’s clearing network.
One reason some consumers prefer to pay in cash is that they have neither a credit card nor checking or savings account that can be directly debited through the automated clearing house (ACH), an interbank network for settling payment transactions.
“Cash is a popular, secure payment method in Japan, Russia and Brazil, and postal money orders are a trusted way to pay in China,” says Ron Vollebregt, chief operating officer of payment service provider GlobalCollect. “There are a number of consumers around the world that prefer to pay with cash, and retailers that sell globally must cater to those local payment preferences or they won’t get as high a conversion rate as desired.”
Retailers that do not offer the preferred payment methods in each market can lose up to 60% of local sales, according to Vollebregt. “Retailers need to be sure the type of payment methods offered appeal to the local customer base, or risk losing business,” he adds.
Bank transfers
E-retailers selling internationally also should ask if their payment service provider offers alternative payment methods such as real-time bank transfers from a shopper’s bank account or the ability for a consumer to pay for an online transaction using cash, as both payment methods are popular outside the United States.
Online real-time bank transfers connect a shopper directly to his bank account when he clicks on a payment icon on the retailer’s site. What makes this attractive to retailers is that such transfers eliminate the risk of fraud since the shopper must identify himself to his bank using a password or other identification method. Plus, there is no chargeback risk. Funds are then transferred to the retailer immediately.
A shopper can pay by cash by clicking on the appropriate icon on the retailer’s checkout page, which links the shopper to a page with a transaction voucher and bar code. The shopper prints the voucher and presents the voucher and the cash for the purchase to a local bank affiliated with the processor. GlobalCollect works with 250 banks around the world to handle such in-person cash payment of online transactions.
After accepting the voucher and the payment, the bank scans the voucher into the processor’s network and electronically transfers payment. The processor matches the bar code with the transaction identification number on file and electronically settles the transaction with the retailer. Retailers can check deposits made to their account online 24/7.
“Cash payments are used to complete as much as 30% of online transactions in Brazil,” says GlobalCollect’s Vollebregt. “These are low-cost, no-risk transactions for the retailer because they are not susceptible to fraud.”
Pay by phone
Cash acceptance is not the only way for e-retailers to attract new shoppers that do not have credit cards or that lack a bank account. Charging online purchases to a shopper’s phone bill can broaden payment acceptance and help retailers reach new customer demographics.
Typically, this payment method is used to purchase digital content such as on-demand video, music and games. The risk of hackers using the phone number to make other purchases is reduced because the consumer’s landline telephone account is billed and steps are taken at the time of purchase to authenticate the phone number and the shopper.
“There are limits to how much can be charged to a phone bill, and what purchases can be billed to a phone number aren’t likely to appeal to criminals that use stolen credit card account data to purchase goods,” says Greg Carter, CEO of payment processor BSG Clearing Solutions. BSG’s payment services link retailers to more than 1,400 telephone carriers and can reach approximately 110 million households in North America.
BSG’s Bill2Phone service connects directly to the retailer. Transaction data flows from the retailer to BSG, which routes it to the phone carrier in the proper format. Purchases are charged to the shopper’s monthly phone bill. After the shopper pays the phone bill, the carrier routes payment for the purchase to BSG, which settles with the retailer.
In 2008 BSG cleared and settled hundreds of millions of dollars in phone-based transaction volume, which includes Bill2Phone digital transactions, long-distance charges, operator-assisted calls, enhanced services charges and recurring subscription-based charges.
Phone carriers charge BSG a flat transaction fee or a percentage of each transaction, which it passes along to retailers. “While the carrier fees vary, retailers with an average ticket of $10 can cover the transaction costs and still net a profit,” says Carter. “Bill2Phone is a way for retailers to add value to their payment acceptance strategy at a time when shoppers may have limited open credit to make purchases, have stopped using their cards because of the recession or who fear online fraud.”
Fraud controls
Billing to a telephone number also reduces the risk of fraud. BSG, which also offers credit card processing, uses a multi-pronged strategy to prevent fraud. Retailers can request real-time information from BSG about any recent billing disputes over other phone charges associated with the shopper’s phone number. BSG gathers the data through the billing service it provides phone carriers.
BSG provides a comprehensive risk management solution and also has tools and information available to identify what types of telephone numbers are available for this form of billing.
BSG’s URU Identity Authentication service verifies the shopper’s identity using such techniques as age verification and verification of the shopper across multiple commercial and proprietary databases. “Our goal is to provide retailers of digital content a truly low-risk, alternative payment method to credit cards,” says Carter.
Authenticating the shopper not only reduces fraud, but prevents chargebacks that occur when a family member attempts to make an unauthorized purchase, according to Carter. “Allowing accountholders to impose spending limits can reduce the chance of misuse of the account by a family member that knows how to access the account and authenticate themselves, which is a benefit to retailers, since they incur a cost to defend chargebacks.”
‘I never got it’
Transaction disputes are a common occurrence for retailers of digital content. The most frequent claim is that shoppers insist they never received delivery of the content.
ClearCommerce provides tools that allow retailers of digital content to verify that downloaded content has been received before the shopper can open the file.
“Proof of delivery is tough to prove in the world of digital content from a retailer’s standpoint,” says Steve Kuzio, vice president of strategic planning for ClearCommerce/Certegy, a Fidelity National Information Services Company, that provides payment processing and fraud management tools to e-retailers as a part of its CommercePointe suite of services. “Requiring the shopper to verify the download has been received before the file can be activated eliminates chargebacks arising from such claims.”
One pitfall retailers need to guard against when it comes to fraud detection is rejecting good transactions because they show characteristics of fraud. These types of transactions, often called false positives, can damage customer loyalty and the retailer’s brand.
Keeping a database detailing characteristics of a good transaction and tracking individual customer’s shopping patterns, such as the time of day when they typically purchase and the IP address of the device they typically use, can significantly reduce false positives.
“A lot of retailers don’t factor in positive transaction histories when making the decision whether to accept a transaction,” says Will Hazama, vice president of sales for ClearCommerce/Certegy. “Rejecting a good transaction can be insulting to shoppers, and retailers want to avoid this whenever possible.”
Understanding the data behind each transaction can help retailers identify what are the common factors to chargebacks. Litle & Co., for example, offers chargeback management consulting that includes reviewing the reason codes assigned by Visa and MasterCard to each chargeback. As part of its chargeback analysis, Litle & Co. will look for common underlying factors, such as customer claims they did not receive what was ordered. Litle & Co. will then work with the retailer to identify ways to improve fulfillment to reduce such claims, which lead to chargebacks.
“Common reasons for a chargeback are ‘not as described’ or ‘defective,’” says Jason Pavona, executive vice president of sales and marketing for Litle & Co. “Once retailers understand the reasons behind the chargeback, they can look internally to indentify where and how the problem originates. A good processor helps retailers track this type of information and identify where bottlenecks occur and how to correct them so business goals can continue to be met.”
The same principles can be applied to fraud detection. “If a retailer is performing manual reviews on 25% of transactions and still suffering from a high fraud rate, they need to step back and ask what is the cause of the fraud and do they have the tools to detect it,” says Pavona. “This exercise helps retailers determine the optimal percentage of transactions to manually review and whether that fits their business goals.”
To illustrate his point, Pavona says that a retailer with higher margins can afford to manually review a higher percentage of transactions than a retailer with thinner margins. “Fraud-detection applications have to be matched to the retailer’s business and keep pace with changes in the way criminals perpetrate fraud,” he adds. “There is no one-size-fits-all approach.”
Know the territory
Retailers that sell globally are advised to select processors that have fraud-detection tools specific to merchant categories and local markets. GlobalCollect, for example, partners with InterCard AG, which provides tools designed to spot fraudulent direct debits in Germany.
“Sometimes local experts can provide a stronger level of fraud prevention and detection in a specific country,” says GlobalCollect’s Vollebregt. “The same goes for partnering with specialists in vertical markets.”
Other fraud-detection companies GlobalCollect partners with include Retail Decisions and Quova Inc., a provider of Internet geolocation data to determine where shoppers are located. Geolocation is helpful in spotting IP addresses originating from countries that are hotbeds of fraud.
Another way to thwart criminals is by encrypting transaction data as it enters a retailer’s server to prevent identity theft as the information moves downstream to the processor. Identity theft is one of the largest sources of fraudulent online transactions.
Chase Paymentech has developed a public-private encryption key code that allows retailers to encrypt customer transaction data entering their servers using the public key code, but prevents them from opening it once the data is encrypted. Chase Paymentech is the only holder of the private key code that can unlock the data and convert it into a readable format to ensure the message cannot be decrypted within their systems either by a rogue employee or a hacker.
Chase Paymentech developed the encryption method to protect transaction data as it moves out of the retailer’s server and across its processing network. “Most data breaches take place while data is in transit to another touch-point, not while the data is in storage,” says Chase Paymentech’s Bullard. “Encrypting transactions addresses the security concerns for securing transient data within a client’s network upstream of the card number encryption process.”
Cutting costs
In the past, e-retailers validated good shoppers by running small transactions using the Credit Card Verification (CCV) number, at the point of purchase, to validate the card. The retailer’s processor would charge a fee for running this transaction and many merchants would neglect to inform their processor to reverse the amount after verification, negatively affecting the cardholder’s available balance.
In February 2009, Visa enacted the Visa Authorization System Zero Dollar Verification Message, which allows a retailer to validate the CCV and other authenticating pieces prior to obtaining an actual authorization. This is a way of saving the merchant from incurring additional authorization charges, and protects the cardholder’s open to buy.
“Offering retailers zero dollar authorizations can add up to a substantial savings and improve customer satisfaction with the overall transaction,” says ClearCommerce/Certegy’s Kuzio.
Helping retailers increase their operating efficiencies through improved automation is another way processors are helping retailers control acceptance costs. Through its Orbital Payment Gateway, Chase Paymentech plans to offer additional automation by sending electronic updates to credit card account data kept on file for recurring billing. When a credit card expires or is reissued because it has been reported lost or stolen, retailers that charge customers on a recurring basis must update the account information.
Currently, Chase Paymentech sends the updated information to the retailer, which then manually inputs it into their system. “Once this process is automated, we can electronically update the account data for the retailer,” says Bullard.
In addition to helping retailers streamline their operations, Chase Paymentech offers a variety of alternative payment methods, including PayPal, BillMeLater, Green Dot MoneyPak and electronic checks.
Another way processors can help retailers lower their acceptance costs is by offering a direct, secure connection to the processor’s network. Typically, e-retailers connect to their processor through a third-party secure gateway. The third-party gateway encrypts the transaction data and transmits it over the web back to the payment processors in the format they desire. Third-party secure gateways add an extra layer of cost to processing since they charge their own fees.
Connecting directly to a payment processor enables the retailer to remove the additional layer of cost created by third-party gateway service providers. “Retailers need to ask if a third-party gateway connection is worth the additional money,” says Litle & Co.’s Janakiraman. “For retailers looking to reduce acceptance costs, connecting directly to their processor is a good place to start.”
Eliminating operational redundancies, such as trimming the number of fraud-detection applications used, can further reduce a retailer’s payment acceptance costs. “Many times retailers will support fraud-detection applications that are not highly effective,” says Litle & Co.’s Pavona. “Retailers are better served by performance testing which fraud-detection applications are the most effective and eliminating those that don’t work as well. Supporting operational redundancies is costly.”
Litle & Co. offers an array of services beyond credit and debit card processing, including recurring billing, alternative payments such as BillMeLater, electronic checks and PayPal, as well as international transaction processing.
Given the wide range of processor capabilities, retailers can leverage the expertise of payment service provides to close more sales through offering local and alternative payment types and fine-tuning their fraud-detection practices, and they can reduce costs by streamlining the payment chain. Understanding the technologies and techniques available can help an e-retailer find the best fit in a payment service provider partner.
“Payments are a large part of any successful e-retailer’s business strategy and can provide a competitive advantage,” says Vollebregt. “As a payment service provider, you have to understand the retailer’s business needs to provide the right platform, payment method mix and fraud screening tools.”
