Transaction Trends January 2011 by Content Communicators, LLC

Transaction trends The Official Publication of the Electronic Transactions Association

SPRINT or 2011 Outlook:

PLOD?

The rise of mobile payments leaves acquiring industry guessing

| January 2011

ALSO INSIDE: Data Breaches Quantified ISO Finds Success in Cause-Based Marketing Does Credit Make Sense in Real Estate?

From Las Vegas to Okinawa. Every day, more travelers to the U.S. are making their card purchases on the Discover network. With more international acceptance partners than any other network, it’s a safe bet for generating more tourist revenue. ®

DiscoverNetwork.com

Transaction trends The Official Publication of the Electronic Transactions Association

Vol. 16 | No. 1

cov e r s to ry

10 2011 Outlook: Sprint or Plod?

By Richard H. Gamble Despite a stagnant economy, lack of credit, and scant consumer confidence, the mobile payments revolution is taking off. But whether telecom or Internet giants displace the card brands or just provide the rails for future electronic payment schemes remains to be seen. 10

F EATU RES

17 Breaches by

By Julie Ritzer Ross Cause-based marketing and a dedication to giving back to the community have helped Process Pink attract 30,000 merchants—and even more good will.

By Julie Ritzer Ross Perpetrators and the methodologies are changing, but data theft continues to cost consumers and merchants record losses. Internet fraud alone is fast approaching the $1 billion mark. And that’s just the “tip of the iceberg,” says one expert.

S P EC I A L SERI ES

the Numbers

Startup Stories: Process Pink Payments

d epa rtm e n tS

President’s Message

Industry News

Insights from ETA’s elected leader Trends, strategies, and news in the payments business

ISO Corner

Vertical Markets

23 24

Ad Index

One payment method is the true real estate money maker

Industry Insider Discover Network’s hybrid business plan fuels its success

Smart sales strategies for a changing industry

6 Transaction trends | January 2011 3

ETA Annual Meeting & Expo San Diego, CA May 10 – 12, 2011

What people are saying… “Attending the ETA Annual Meeting has put me in a position to elevate my company’s profile as well as my own, by being seen and interacting with my vendors, agents, partners and competitors.” Tony Abruzzio, Vice President Global Merchant Card Services and Banking Recombo, Inc.

s t ! c e n n o C y r t s du n I s t n me y a P he

t e r e Wh

Why attend? Whether you are looking to create, modify or enter a payments value chain, ETA is the “go to” place! It’s the one-stop conference that will connect you with the information, opportunity and people you need for success. The 2011 ETA Annual Meeting & Expo is where merchant acquirers, financial institutions, processors, alternative payment providers, value added resellers, prepaid companies, and merchant sales teams come together for the most diverse and comprehensive show in the payment industry.

Electronic Transactions Association 1101 16th Street NW, Suite 402 Washington, DC 20036 202/828.2635 www.electran.org

President’s Message

ETA Chief Executive Officer Carla Balakgie

We Need Your Help

ETA Director, Communications & PR Thomas Goldsmith Transaction Trends Publishing office: Stratton Publishing & Marketing Inc. 5285 Shawnee Road, Suite 510 Alexandria, VA 22312 703/914.9200 Publisher Debra Stratton Features Editor Angela Hickman Brady Managing Editor Josephine Rossi Editorial/Production Assistant Teresa Tobat Art Director Janelle Welch Contributing Writers Richard H. Gamble, Bryan Ochalla, Julie Ritzer Ross Advertising Sales Steve Schwanz or Fox Associates (800/440.0232; adinfo.eta@foxrep.com) Fox Associates Offices Chicago 312/644.3888 Atlanta 800/699.5475 Los Angeles 213/228.1250

New York 212/725.2106 Detroit 248/626.0511 Phoenix 480/538.5021

Editorial Policy: The Electronic Transactions Association, founded in 1990, is a not-for-profit organization representing entities who provide transaction services between merchants and settlement banks and others involved in the electronic transactions industry. Our purpose is to provide leadership in the industry through education, advocacy, and the exchange of information. The magazine acts as a moderator without approving, disapproving, or guaranteeing the validity or accuracy of any data, claim, or opinion appearing under a byline or obtained or quoted from an acknowledged source. The opinions expressed do not necessarily reflect the official view of the Electronic Transactions Association. Also, appearance of advertisements and new product or service information does not constitute an endorsement of products or services featured by the Association. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is provided and disseminated with the understanding that the publisher is not engaged in rendering legal or other professional services. If legal advice and other expert assistance are required, the services of a competent professional should be sought. Transaction Trends (ISSN 1939-1595) is the official publication, published monthly, of the Electronic Transactions Association, 1101 16th St. N.W., Suite 402, Washington, DC 20036; 800/695-5509 or 202/828-2635; 202/828-2639 fax. Postage paid at New Richmond, Wisconsin and additional mailing offices. POSTMASTER: Send address changes to the address noted above. Copyright © 2011 The Electronic Transactions Association. All Rights Reserved, including World Rights and Electronic Rights. No part of this publication may be reproduced without permission from the publisher, nor may any part of this publication be reproduced, stored in a retrieval system, or copied by mechanical photocopying, recording, or other means, now or hereafter invented, without permission of the publisher. Nonmembers, government agencies, $150 per year; single copy, $20. Subscriptions are available for 12-month periods only, at the quoted rates.

Volunteers are not paid – not because they are worthless, but because they are priceless. –unknown

his month, more than 200 industry professionals will begin their volunteer terms with ETA for 2011, mainly on various standing committees and task forces, but also in some special capacities, including board members, presidential advisory council members, grass roots advocates and in other roles. These volunteers are the backbone of our association. Without them, the things that ETA does for, and on behalf of, its members would be much more difficult, certainly more expensive and ultimately, less representative of our complex and diverse industry. The talents, knowledge, expertise, and viewpoints that volunteers bring to their various roles in ETA ensure everything the association does is informed by contributions and perspectives of the broadest possible cross section of the payments business. The quote above is true, but only in the context of cash wages. ETA’s volunteers are not paid, but they are rewarded, in many ways. I suspect that most past and present ETA volunteers could easily point to many friends and colleagues they’d never have met but through their volunteer experience. I’m sure there are partnerships, deals, and other business relationships that have blossomed because of the connections between or among ETA volunteers. And I know that volunteers learn and grow professionally in part as a result of the work they do through ETA service. As always, those who give, get much in return. It’s gratifying to me, and everyone at ETA, that so many of the people who work at their own jobs in member companies were willing to step up and offer themselves for service.To all who volunteered for board positions, committee seats and task force assignments for 2011—especially first-time volunteers— thank you. And to those were not placed in the volunteer positions they sought, thank you as well. I would encourage you to make yourself available for other volunteer opportunities that may arise in 2011 and to be a part of next year’s process, too. I believe you’ll find, as I have, that you get back far more than you give. Sincerely, Rick Pylant Rick Pylant is President of ETA and President & Chairman of COCARD Marketing Group, LLC

Transaction trends | January 2011 5

INDuSTRYnews Fed: Debit, Prepaid Usage Spikes Consumers continue to embrace electronic payment methods, according to the Federal Reserve’s 2010 study of noncash payments. More than three quarters of all U.S. noncash payments were made electronically during the last three quarters of 2009—a 9.3 percent annual increase since the Fed’s last study in 2007. Approximately 20 billion more electronic payments were made in 2009 than in 2006. The annual use of debit cards increased by more than 12.8 billion payments—the largest increase by any payment type during the three-year survey period—and reached 37.9 billion payments in 2009. Debit card usage currently accounts for 35 percent of all noncash payments and exceeds all other types of noncash payments, according to the report, eclipsing checks as the most used noncash instrument

First Card Reader for BlackBerry Unveiled BlackBerry owners, who comprise about 37 percent of all smartphone users, now have the ability to use their payment cards on their cell phones. ROAM Data has developed the first electronic payment processor made for Blackberrys, called ROAMpay Swipe. Consumers plug ROAM’s reader into their device’s audio jack and use the reader’s built-in encryption to convert the data on the electronic card stripe into an audio signal.The reader communicates credit card information to a software application that users download from their smartphones.

in the United States. Alternatively, the number of credit card transactions declined to 21.6 billion in 2009. At 6 billion, prepaid card transactions have the lowest transaction volume out of all noncash payments, yet these transactions have the fastest growth rate out of any payment type, increasing 21.5 percent annually. Despite the increase in the number of transactions, the value of noncash payments declined 1.6 percent annually, compared with an annual growth rate of 3.9 percent from 2003 to 2006.

info graph Black Friday Dollar Volume Growth by Industry 12.3%

Total Food/Beverage Stores (Supermarket/Grocery) Food Service/Drinking Places (including Restaurants/QSR) Gasoline Stations

17% 9.6% 12.6% 5.9%

Hotels Leisure

-1.5% 8.6%

Retail Services

15.9%

Travel

15.9%

-5%

Source: First Data

6 January 2011 | Transaction trends

10%

15%

20%

Fast Fact Gift card transactions are expected to have exceeded $1.25 billion in 2010. Cash made up half of the dollar volume of gift-related P2P payments in 2010, but accounted for only 35 percent of the transaction volume. Source: Aite Group

How to...PAY IT FORWARD...all the time

u o Y hank

isa Card/V r e t s a he M oes on of t g fees g n i s s e A porti c o card pr . credit .. h t ort e p p u s to

process PAYMENTS LLC. A Unified Payments Company

A Registered ISO/MSP of Wells Fargo Bank & Harris Bank

www.processpink.com

Benefits of joining The Process Pink Team: Take advantage of some of the lowest cost on authorization and settlement in our industry. Access multiple platforms/programs through our newly formed co-op. Support the fight against breast cancer on an ongoing basis. True revenue sharing program, residual based lending, guaranteed residual payments. Dedicated agent support representative and online residual reporting & boarding. Receive recognition as a participant in the Process Pink Program. Know you are doing your part to make a difference in the world. Increase your revenue by advertising your participation in the program. Contact us to sign up today and help us turn our industry Pink!

process PAYMENTS LLC. A Unified Payments Company

ISO/MSP of Wells Fargo Bank P r o g r a m m a d e p o s s i b l e bA y. .Registered .

To Join The Process Pink Team

Contact: Mr. Anthony Holder Tel: 708-261-6596 Toll Free 800-815-4360 www.processpink.com

ISO Corner

Sales Strategies for a New Landscape Experts continue to stress importance of holistic, consultative sales plan By Bryan Ochalla

As the economy, regulatory reform, and other factors continue to re-shape the payments space, the role of the ISO is transforming as well, forcing individual sales representatives to become better educated and more specialized to survive. “Not only do I think the landscape of our industry is changing, but I think it will continue to change—and more dramatically than we’ve seen so far—in the coming years,” says Joe Natoli, a director and strategic advisor at Louisville, Kentuckybased National Processing Company.“Merchants are increasingly focusing on value of the relationship. Price is still important to them, but I think equally as important is answering the question, ‘What benefits and services am I getting from my provider?’”

Get Educated Merchants are more educated than they used to be, and many of them are exploring their options right now, says Natoli. “The smartest, most successful [ISOs and agents] will educate themselves about the industry beyond what has been customary and usual, which has been the core competency involving debit and credit transactions. “If I had to guess, I’d say that although most of the sales reps in this industry know about PCI, less than half of them truly understand the impact of it,” Natoli continues. “If you really want to be of value to your merchants, and to yourself, you should get up to speed on PCI—and a number of other legislative changes that are impacting the industry.” Doing so will, he says, will help agents properly set up their merchants and get them qualified for the best possible rates and fees. ISOs and agents also will benefit from a thorough understanding of market segments as well as the specific merchants they want to approach within those segments, according to Bill DeSimone, vice president of American Express’ OnePoint program. “I think this evolution presents sales reps with an opportunity to under8 January 2011 | Transaction trends

“ I think this evolution presents sales reps with an opportunity to understand their merchants better.” —Bill DeSimone, American Express

stand their merchants better,” he says. However, branching out will require some ISOs to change their sales tactics. Although making a pitch based on price or value alone may have been successful in the past, DeSimone says “things seem to be shifting more toward,‘I want to understand my merchant’s business so I can help them understand why they should want to work with me or why they should want to accept credit cards in the first place.’” A number of businesses and industries still do not accept credit cards, and approaching them with a more modern sale pitch could present big opportunities for ISOs and sales reps, says DeSimone. Charities, schools, health-care providers, property-management businesses, and public utili-

ties, all of which primarily deal with checks from their customers, could be considered low-hanging fruit by sales agents who prefer selling the notion of credit card acceptance rather than competing with another ISO for business. “I think in a lot of cases these folks haven’t even thought about taking cards,” DeSimone says. “They’re so focused on their businesses that payments just aren’t top of mind for them. It also isn’t their expertise. These people definitely are going to be more responsive to someone who gets their business and who talks their language.” Two years ago, American Express launched a support Web site, amex360. com, which provides sales reps with indepth market information to sales efforts. According to DeSimone, 2,000 reps have access to the site, and the company plans to expand its reach throughout 2011. Similarly, Natoli suggests ISOs look to Visa and MasterCard for research on emerging and underserved industries and market segments. “The card brands have done a tremendous amount of work in this area— work that will help the whole industry expand the pie, as opposed to just competing within the current pie,” he says. For many, becoming a specialist means

honing in on one specific vertical. While that’s not a bad strategy, Natoli doesn’t see any particular vertical being more lucrative than another. Instead, he advises ISOs and agents to learn about what is important to the businesses within the verticals, which “will really help you differentiate yourself from a competitor who uses a shotgun approach,” he notes. Beyond that, some other ISOs have found success by tapping their marketing strengths. “I know of some very successful ISOs that focus on a market strategy rather than on a specific vertical,” Natoli says. Some are good at getting merchant originations over the phone, he explains, while others are good at doing the same over the Internet. “That may mean taking an approach like,‘I’m going to talk to all the retail, mail-order, and Internet merchants I can through a phone room.’As long as you understand the challenges that go along with that particular strategy, it’s possible to grow a very good portfolio,” he says.

Tackle Tech Success-seeking ISOs and sales reps also need firm grasp of—and the ability to offer—multiple technology options, says Mustafa Shehabi, senior vice president of sales and marketing at Fremont, California-based ISTS Worldwide Inc. “Technology can go a long way today to differentiate and add value” to a commodity business, he says.“Traditional ISO-based acquiring platforms offer standard functionality, and the use of technology to augment this in terms of capabilities around alternative payments [and] industry specific solutions can add stickiness to contracts.” Specifically, Shehabi says it’s important for ISOs and sales reps to “offer custom solutions that tie into what retailers need,” including alternative, mobile, and multi-channel payment acceptance capabilities that can dovetail with merchants’ retail initiatives. But ISOs themselves don’t need to offer all of these capabilities. By taking a holistic, value-added perspective that goes beyond commodity processing, ISOs understand what can be done by their teams and what cannot, says Shehabi. “Forging strategic partnerships with system-integration companies and payments-consulting houses will move the engagement process with customers to a more consultative selling model, which will directly benefit all parties involved.” TT Bryan Ochalla is a contributing writer to Transaction Trends. Reach him at bochalla@yahoo.com. Transaction trends | January 2011 9

2011 Outlook:

Sprint

Plod? or

By Richard H. Gamble

KEY NOTES 8 Verizon, T-Mobile, and AT&T announced their Isis mobile payments joint venture. But enlisting customers in a new payments scheme will require significant effort.

8 Any small ISO should be having conversations with its processors about what they are developing that would allow merchants to take payments originated by mobile devices.

8 Merchants are fragile right now. They addressed their cost structure so that they could survive at the current level of activity, but many may not survive another downturn.

8 New business startups are scarce so revenue growth will come from current merchants. Look for markets that still have heavy volumes of check payments.

10 January 2011 | Transaction trends

[ COVER STORY ]

SLUGGISH ECONOMY CONTINUES, BUT MOBILE PAYMENTS (M-COMMERCE) BRING A WHOLE NEW BALLGAME

conomic malaise remains widespread, but it seems to have skipped the mobile computer device market, where sales of iPhones, Androids, and their ilk are booming.That means ISOs, acquirers, and processors enter 2011 prepared to slog through sluggish merchant sales and little new business formation, but they also must brace for what could be revolutionary developments in mobile payments. New payment schemes that don’t rely on Visa, MasterCard,American Express, Discover, and the established debit card networks could spring up. So it could be a year of patient wading, a year of sprinting, or some of each. The timing and shape of the mobile payments revolution are still hard to predict, but clearly, it’s coming sooner rather than later. Verizon Communications Inc., AT&T Inc., and T-Mobile USA Inc. officially announced the formation of their mobile payments network dubbed Isis. They chose Barclay’s Bank to be their banking partner to issue the credit and hold the funds for prepaid programs, and they picked Discover Network for the rails. “They have a huge consumer brand,” says consultant Todd Ablowitz, president of Double Diamond Group in Centennial, Colorado.“They know a lot about their customers.They’re in a good position to steer consumers to a new method of payments that they would own.” But consumers are not easily steered when it comes to payments. Habits and preferences are strong.“People decide how they want to pay for their own reasons,”Ablowitz notes.“For some, it’s budget driven. Others want to earn points. Still others go for convenience. If the telecoms want to enlist their customers in a new payments scheme, they have a lot of bridges to cross.”

Powerful Players Telecoms are just part of the revolution. Apple Computer, Ablowitz notes, has more than 160 mil-

lion iTunes users in 23 countries.“That’s a serious mass—more than PayPal,” he points out.“If Apple wants to introduce a new payments alternative, they have the brand and the customer base. And they have a record of building new products and getting people to come to them.The smart money says that if they introduce iPay, people will come.” Google also has a strong position. Its Android smartphone is now outselling the iPhone, Ablowitz notes. Google has announced that its next Android version will include near-field communication (NFC), which can be used for payments. If Apple gets into the payments space, the company could use existing rails, like the telecoms apparently plan to do with Discover, or it could go it alone, Ablowitz speculates. “Apple could absolutely build its own payments system.The telecom carriers evidently did the cost-benefit analysis and concluded that the ROI was better if they paid Discover for their rails [rather than] build their own, but Apple or Google might come to a different conclusion.” The banks are watching developments closely and trying to position themselves to be key players in whatever payment schemes materialize, Ablowitz reports. “They clearly will defend their turf,” he says. “They have the financial relationships.”Wells Fargo and Bank of America are known to have pilots running with Visa and Device Fidelity for using smartphones with NFC devices as payment vehicles, he says. The speed of mobile electronic communication is opening doors to all sorts of alternatives, Ablowitz says. “Authorization used to take huge mainframes. Now it can happen quickly in the cloud.The technology is there and a new scheme wouldn’t have to rely on existing rails, but the builders would have to comply with rules around consumer payments, have ways to deal with returns, prevent fraud, and have a value proposition that appeals to users and acceptors. These are not trivial issues.The technology can make it Transaction trends | January 2011 11

[ COVER STORY ] work, but ultimately, it’s a financial issue,” he concludes. Meanwhile, merchants are waiting to see which way the wind blows.“They have their list of demands for a payment scheme they would accept. The large merchants will be the early adopters, and whatever they accept will trickle down to the smaller merchants, so watch the large retailers to see what they intend to accept,” Albowitz advises.

Option Plays Electronic payments consultant Les Riedl is singing much the same song.The rise of mobile payments is the biggest issue confronting ISOs, processors, and acquirers, says the president of Speer & Associates in Atlanta, and preparing for mobile payments is properly getting the lion’s share of financial and human resources. “You have to be concerned about what the telecom companies are planning that would allow purchases made with mobile devices to

be charged to the user’s phone bill. They could create an alternative payments system that way,” he notes. A newer and possibly more potent threat to the established order comes from companies like Facebook, Google, Apple, and eBay/PayPal. “There are powerful Internet brands like Facebook, and they are looking into alternative ways to allow their huge customer base to buy things and pay for them conveniently and electronically,” says Riedl.“The possibilities are staggering.”Any small ISO today should be having conversations with its processors about what they are developing that would allow merchants to take payments originated by mobile devices, he emphasizes. Mobile devices come with a small memory or SIM card that can readily be adapted to transmit radio waves for near-field communication of data like a credit card or debit card numbers. Instead of swiping a card with a mag stripe, the consumer can tap or wave his or her mobile device near

a properly equipped merchant terminal to settle the purchase. What the mobile device communicates to the terminal could be a Visa, MasterCard, American Express, or Discover card number, but it doesn’t have to be, Riedl notes. “It could link to the card brands, or it could link to the telcos or the Internet companies.They are all investigating it. While displacing the card brands is possible, they have the inside track for providing the rails for future electronic payment schemes because they already have the infrastructure and the business, Riedl points out. But an ambitious Internet company could mount a challenge. “These Internet companies carry a lot of weight, and they have momentum. Investors like them.”

NFC Kicks Off Visa is planning to be part of the mobile revolution and doesn’t seem too worried about being overthrown. Wireless providers like Boku and Zong have sprung up to

Shaken Consumer Confidence The savings rate has plateaued at around 5.5-6.0 percent of income. If employment rises and the savings rate stays flat, then retail sales should track the slow recovery of the economy. If there’s a nasty surprise, like a spike in oil prices or unemployment, then wary consumers may save more and spend less, says Robert Dye, senior economist at PNC Financial Services in Pittsburgh. With home values down by about a third nationally since 2006, consumers feel less wealthy and have less confidence that they should spend their money. The solid recovery of the stock market into early November 2010 has helped to bring back wealth and confidence for some consumers, he adds. Manufacturing has led the economic recovery so far but appears to be running out of steam, Dye notes. “Manufacturing will be a smaller contributor to employment gains than it has been in the recent past,” he predicts. Even if the automakers increased sales from a current 11.8 million units per year to 13 million or 14 million, they wouldn’t have to hire more workers, he observes. Credit availability has started to improve and will continue to improve through 2011, depending on employment figures, Dye says. Credit grantors are keeping a close eye on jobs, he notes. While the “sand” states and the upper Midwest were hardest hit when

12 January 2011 | Transaction trends

the recession started, it has spread to almost every geographic area now, Dye notes. The farm belt and the Washington/Baltimore area are among the few bright spots. The trend to move spending down market to discount retailers has leveled out, and there are signs of some revival in the purchase of luxury goods, Dye reports. The stress continues to be greater for small, local companies than large, globally integrated companies, Dye reports. Those that depend on local customers are getting less boost from the recovery, and their prospects for growth in 2011 are weaker than average, he says. “They are facing a long haul out of this recession.” The big unknown in the coming year is unemployment, he says. He expects unemployment to decline from a current 9.6 percent to just 9.1 percent by the end of 2011. If the employment picture brightens, look for consumers to spend more. If it disappoints, they’ll spend less, particularly seniors.

allow mobile phone users to buy things through their phones and pay for them by having them charged to their wireless phone bills, but this usually works only for small payments for things like phone apps, reports Bill Gajda, head of global mobile products for Visa.“Usually, when you hit a low threshold like $25 or $30, these ventures ask the user to provide a credit card number if they want to make additional payments. It starts with a phone number, the one number everyone remembers, but it graduates to a credit card if the spend gets significant.These companies sell communication services. Running a payment scheme is not their forte.” The major card brands will remain key players in the mobile payments future, he predicts. But it will be a very different future. “We’re approaching the tipping point,” Gajda says. “The largest manufacturers of handsets are embedding NFC devices in their products. That will spur the growth of using mobile phones for point-of-sale transactions.We’re in trials with the largest providers to understand the experience and see how we can be part of it.” Physically presenting the mobile device at the point of sale is just part of the revolution, Gajda says. With mobile access to browsers that are quick and rich, e-commerce can turn into m-commerce. Visa already offers real-time alerts around payments and mobile coupons that are designed to appeal to consumers. Visa expects to make microSD payments commercially available in the first half of 2011, which will create demand among merchants for terminals that can handle the communication, and that will provide opportunities for ISOs to sell upgraded terminals.“MicroSD will change the business case for new terminals,” Gajda predicts. “Their use of embedded chips offers greater security and dynamic authentication, and provides opportunities for merchants to send offers and alerts that can increase their sales.” The cost of terminals and peripherals is coming down, Gajda notes. Merchants on the move can get devices that plug into the audio jack port of a smartphone and enable the phone to accept payment data from mag stripes, chip payment cards, or mobile transmissions. For consumers, the

Credit Denied Don’t look for growth from successful small businesses expanding, warns Leonard Wright, a San Diego-based CPA, because they can’t get the money to fund it. He has heard from bankers that they don’t want to make aggregate revolving credit available beyond 20 percent of reported 2009 net income. For many small businesses, that credit is the line the owners can draw on with their credit cards. “Access to credit is drying up at an alarming rate,” he says. “Lenders have gone from cutting off irresponsible borrowers to hitting the ones who use credit responsibly.” Wright cites the case of one client that operates a small chain of highly profitable long-term care facilities. That business would expand if it could get a $1 million loan, but it can’t, he reports. “You can’t get a signature loan these days. The big companies can still borrow by selling bonds in the bond market, but growth capital just isn’t there for the small business.” As a result, small businesses are aggressively cutting expenses to stay alive. “That’s not necessarily a bad thing,” Wright observes, “but it won’t contribute to an economic recovery.”

basic memory card that is now a standard part of a mobile phone can be modified to make it a payment card. The revolution will certainly be global. This year will see dramatic use, especially in international markets, of the “mobile wallet,” Gajda predicts. “The mobile wallet will extend to the unbanked, who will use it to send and receive money,” he says. “People in India will pay their utility bills from their mobile wallets. They will buy food and clothing.” The funds in the wallet could come from prepaid, stored-value accounts or could be linked to existing debit or credit accounts. Of course, the mobile payments revolution may turn out to be more of an evolution. There are big changes coming, but whether they will reach tipping points in 2011, 2012, or 2015 is hard to predict, says Greg Cohen, president of Moneris USA in Chicago.What is more certain is less exciting—that stubborn high unemployment will continue to repress consumer spend-

ing and that the reliable revenue from existing merchant relationships will grow, but not very fast.

Safe Plays The shakeout is not over, and the ISOs and processors who will do best will be diversified and less dependent on credit products, says Donna Embry, senior vice president for strategic product development at Payment Alliance International (PAI) in Louisville, Kentucky.“We are focusing on growing our ATM business,” she reports.“Banks are looking for fee income and we see opportunities to help them get it.” PAI is also piloting a variety of mobile programs, she adds. Anticipating consumer behavior is critical but difficult. “It will take two to three years for the economy to get back to normal, and by that time, consumers will have permanently changed some of their spending habits,” Embry says. “You won’t see people carrying five or six cards. That train is gone.” Heartland Payment Systems in Princeton, New Jersey, is a processor that caters to small and mid-sized businesses, and the outlook is for “some acceleration of the consistent, modest growth we are seeing now,” reports Bob Baldwin, president and CFO. For Heartland, the worst seems to be over. “Our same-store sales were down 10 percent in 2009, but that has stabilized and turned into slight growth.” But these merchants are fragile.“They addressed their cost structure so that they could survive at the current level of activity. As long as things don’t get worse, I don’t think we’ll see many merchant bankruptcies, but I’m not sure they could absorb another downturn.” With little prospect for a vigorous economic recovery, new business startups are scarce, and ISOs have to look to current merchants for revenue. Growth will come in penetrating markets that still have heavy volumes of check payments like utilities and medicine, Cohen suggests.As these businesses move to electronic forms of payments, ISOs, and processors will benefit. TT Richard H. Gamble is a contributing writer to Transaction Trends. Reach him at gamble10@earthlink.net. Transaction trends | January 2011 13

Startup Stories:

Process Pink Payments

In The Pink

How cause-based marketing built a strong startup ISO By Julie Ritzer Ross

harity begins at home—or so the adage goes. But for Process Pink Payments, a Unified Payments Company, it also served as the lynchpin for the inception of a flourishing ISO/MSP whose portfolio now encompasses 30,000 merchants. In a twist on cause-based marketing, Process Pink Payments donates one basis point of its total monthly credit card processing volume to the National Breast Cancer Foundation (NBCF) in Frisco, Texas. The NBCF received about $130,000 from Process Pink Payments in 2010 and the company is “on target” to double that figure this year, says President Anthony W. Holder. Process Pink Payments is an offshoot of Money Movers of America, a payment processing entity founded in 2004 by Holder and several other executives. At the time of its inception, Holder had already amassed significant electronic payments industry experience in his tenure as national sales director at First National Processing of Illinois. Prior to moving into the payment processing sector, he had been involved in the banking arena, holding positions at such institutions as St. Paul Federal Bank and Mutual of New York (MONY). James D. Costanzo, Holder’s partner in the venture and current Process Pink vice president, brought to the table an equal wealth of experience in banking and with industries that depend on recurring revenues—First Fidelity International and Chicago-based telecommunications giant RCN. Money Movers of America took off from the get-go, but a few years in, the partners decided that given heightened competition in the market, future growth would be heavily predicated on distinguishing the company from the pack.“We believed we could truly appeal to merchants if we, by donating part of our own profits to a cause, offered a way for them to ‘give back’ without costing them or their customers anything at all,” Holder explains. At first, he and Costanzo considered setting up a program wherein consumers could designate, at the point of sale, a specific charitable organization to which donations would be made. But they predicted this would be an “accounting nightmare” and decided instead to partner with a single entity. Holder’s loss of a beloved aunt to breast cancer and of his father to colon cancer spurred a move to select a charity associated with the disease. “As we went along, we realized that consumer awareness of breast

14 January 2011 | Transaction trends

Success Story: Process Pink Payments Westchester, IL Founded: January 2008 Portfolio size: 30,000 merchants (60% general retailers and restaurants, 30% educational institutions, and 10% health-care clients) Sales force: Approximately 200 MSPs Donation to National Breast Cancer Foundation in 2010: $130,000

cancer was particularly high because of all the ‘Pink Ribbon’ campaigns and initiatives,” Holder continues.“This sealed the decision to go with a breast cancer foundation, and to create an entire brand around it.” The concept—and the company—caught on. Money Movers of America had a portfolio of 2,800 merchants when Process Pink Payments made its debut; in one year, the ranks had swelled to just under 5,000 merchants.A merger with Unified Payments, executed in 2010, has increased the portfolio to its current size. Process Pink’s presence may soon grow substantially, according to Holder. “We are currently working on a merger with Cynergy Data/Pipeline Data that will take our combined entity into the top 10 position in our industry with nearly 150,000 clients combined and well over $12 billion processed annually.”

Process Pink celebrated the opening of its Lodi, California, facility in October 2010.

Mission Match While integrating a charitable donation component has clearly worked for Process Pink Payments, Holder says that finding an appropriate cancer-related organization with which the ISO could ally itself has been an equally critical factor in its success.The idea of teaming up with a breast cancer charity made sense to Holder because of the association with his aunt, but he and Costanzo also wanted to match the mission of the organization they chose with their own values and vision. In contacting and researching various charitable entities, the partners discovered that most organizations spend only 20 percent of monies raised on initiatives related to the cause they support; the remaining 80 percent is earmarked for marketing.They also learned that many charitable entities funnel a significant portion of monies not budgeted for marketing into pharmaceutical research rather than programs that focus on disease prevention or patient support. This was not the case with the NBCF, whose mission entails saving lives through early breast cancer detection, as well as by providing mammograms and other diagnostic breast care services for those “in need.”The organization also aims to provide “nurturing support service” for women with breast cancer. “The other charitable organizations we looked at are all very fine groups, but their platform just didn’t mesh as well with ours,” Holder says.“When an ISO—or any business, for that matter—allies itself with a cause, there needs to be a complete synergy. If there isn’t, something is bound to fall through the cracks.” A strategic approach to “selling” merchants on the Process Pink Payments concept has also fueled growth.“The main challenge we have faced is that while our marketing position definitely gets conversations with prospects going, it still takes a push to compete with the ‘free’ terminals that are promoted out there,” Holder says. “Merchants need to be reminded about the appeal to consumers and how the program sets their businesses apart in a noninvasive

manner that doesn’t obligate customers to do anything other than make the purchases they were going to make anyway.” In addition to learning how to handle paperwork and other routine matters that come with boarding merchants, all Process Pink Payments sales agents receive hands-on training in how to present the benefits of working with the ISO/MSP to any prospect they encounter.

Cross-Marketing and More Holder’s long-term goal is to ensure the longevity of Process Pink Payments even after he retires from the business “sometime very, very far down the road. He and Costanzo are working toward several short-term objectives to meet the long-term goal. One is to increase consumer awareness of the charitable donation program, not only to enhance fundraising efforts for the NBCF, but also to add merchant accounts to the Process Pink Payments portfolio. Process Pink Payments and the NBCF already link to each

CAUSE-BASED MARKETING FOR ISOs Be selective in choosing a partner. Ensure that its mission and values align entirely with your own. A lack of synergy will be an impediment to growth.

Think outside the box. For example, implement a program for educating consumers about your efforts so that they, in turn, become a merchant recruitment arm.

Establish a strong brand identity. Tie-in the identity with the beneficiary of your efforts to create a compelling marketing message.

Transaction trends | January 2011 15

Startup Stories:

Process Pink Payments

other’s Web sites so individuals can easily navigate to the other entity’s homepage. But that “just isn’t enough,” Holder says. The ISO has begun to distribute collateral materials to its existing customer base, including window decals merchants can use to inform customers of their affiliation with Process Pink Payments as well as educational literature for distribution in-store. Using the collateral materials is not a prerequisite to maintaining a Process Pink Payments merchant account, but an overwhelming majority of the ISO’s current clients do so. “As we see it, customers who have noticed our decal and materials where they shop will ask other merchants whose stores do not display them why they aren’t ‘processing with Process Pink,’” he explains.“It is happening already; we are receiving inquiries from merchants” that were sparked by consumer feedback. The ISO also has initiated a move into social media marketing with a Facebook page with the goal of bolstering Process Pink Payments’ consumer presence and serving as a vehicle for communicating with merchant

This past September marked the opening of the ISO’s first service center in Lodi, California. The facility is staffed by 14 telemarketers charged with uncovering merchant leads. prospects.The page is monitored for inquiries, and agents follow up immediately. Future plans include offering a loyalty card program under the Process Pink Payments umbrella, as well as extending the charitable giving component beyond the NBCF sometime next year.“We are looking at how we can start brand initiatives for other causes and ‘roll up’ a portion of transaction fees to the charity of the individual consumer’s choice,” Holder explains. “We weren’t going to do that in the beginning, but I think there will be a way to figure it out.”

Holder and Costanzo also want to leverage strategies beyond the charitable piece to grow Process Pink Payments’ merchant portfolio.An incentive program rewards franchise owners for generating leads or referrals; revenues are equivalent to one to two basis points for each lead and/or referral supplied. This past September marked the opening of the ISO’s first service center in Lodi, California.The facility is staffed by 14 telemarketers charged with uncovering merchant leads. At press time, initiatives aimed at cultivating independent agents, whom the partners intend to train in the same manner as existing members of its“fleet-on-the-street,”were launched as well as salaried sales representatives who are willing to travel and generate their own leads. “All in all, we are continuing to reach out to the masses with our brand and our program,” Holder concludes.“We see a very bright future.” TT Julie Ritzer Ross is a contributing writer to Transaction Trends. Reach her at jritzerross@gmail.com.

ETA Annual Meeting & Expo San Diego, CA May 10 – 12, 2011

ry Connects! t s u d n I nts e m y a he P

re t e h W

[ FEATURE]

DATA FROM MULTIPLE SOURCES SHOWS THE PROBLEM ISN’T GOING AWAY

Breaches by the

Numbers

By Julie Ritzer Ross

rom TJX Companies to Heartland Payment Systems, BJ’s Wholesale Club to Barnes & Noble, data breaches have penetrated a variety of businesses and have been a major concern for the electronic payments industry in recent years. Perpetrators and the methodologies are changing, but the problem isn’t going away. “We’re probably just at the tip of the iceberg as these incidents go,” says William B. Nelson, president and CEO of Dulles, Virginiabased Financial Services Information Sharing and Analysis Center (FS-ISAC), a nonprofit organization whose 4,200 members include Transaction trends | January 2011 17

[ FEATURE] financial service firm provider organizations (among them processors and ISOs), banks, and credit unions.“Until September of this year, we were averaging 10 account takeover reports a month; now, we’re at 500 reports a month and data compromises on 1.5 to 2.5 million computers.” And the Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation and the White Collar Crime Center, received 336,000 complaints about Internet fraud in 2009, representing $559 million worth of financial losses by consumers as well as a 22 percent increase over the $265 million in losses recorded last year.“We could well be heading to the $1 billion mark,” he asserts.

Subtle Market Shifts Not surprisingly, data breaches continue to occur in entities of all sizes and in all vertical markets. “While there is no single source for data as to exactly how many breaches are occurring across the landscape, it is absolutely safe to say that there are breaches everywhere,” says Colin Sheppard, director of incident response and practice director of the forensic in-

KEY NOTES 8 The FS-ISAC sees an average of 500 takeover reports a month and data compromises on 1.5 to 2.5 million computers. The Internet Crime Complaint Center received 336,000 complaints about fraud in 2009.

8 The financial services, hospitality, and retail sectors still comprise the “big three” data breach targets, accounting for a respective 33 percent, 23 percent, and 15 percent of cases.

8 In 2009, malware was associated with 54 percent of data breaches suffered by organizations that engaged SpiderLabs. The figure was expected to hit 75 to 80 percent in 2010.

8 In addition to device implantation schemes, criminals have begun installing rogue devices near terminals and splicing them into payment terminal network connections. They are also setting up more hidden cameras near payment terminals to capture PIN data.

18 January 2011 | Transaction trends

cident response team for TrustWave’s SpiderLabs division. Of the more than 200 breach investigations conducted by SpiderLabs in 2009, 98 percent involved purported credit card data compromise. The 2010 edition of the “Data Breach Investigation Report,” released by Verizon Communications’ business consulting arm, supports Sheppard’s assertion. Verizon conducted this year’s study in cooperation with the U.S. Secret Service, and the results reflect examinations of more than 143 million compromised data records in 2009. The cases involved organizations of all sizes—from 100,000+ employees to less than 100. The study finds that the financial services, hospitality, and retail sectors still comprise the “big three” data breach targets (see chart). SpiderLabs’ 2009 data is similar: 80 percent of investigations were initiated by clients in the hospitality (65%) and retail (15%) categories. However, data from both Verizon/U.S. Secret Service and SpiderLabs indicates a subtle shift of activity within these markets. Notably, the incidence of breaches at retail establishments shows a downward trend. “Retail, which ranked first in total breaches in our last two reports, has fallen to third place and now accounts for less than half of its former amount. For SpiderLabs, 38 percent of data breach investigations last year involved hotel industry companies. (Companies in the financial services sector initiated 19% of the firm’s data breach investigations; retailers, 14.2%; and restaurants and bars, 13%.) “In previous years, we saw a considerably higher volume of data breach incidents occurring in retail than in some other sectors,” among them hotels, Sheppard says.“However, this has changed, partially because of enhanced adherence to the Payment Card Industry Data Security Standards (PCI DSS).” Sheppard blames problems with hoteliers’ use of point-of-sale software for credit card transaction processing. Hotel operators often outsource the maintenance of their POS systems to third-party firms, whose employees log into these systems remotely in order to maintain them. When remote access user names and passwords are left blank or not changed from their default setting, as is a common practice among those in the hotel segment, hackers can easily gain access.

The financial services, hospitality, and retail sectors still comprise the “big three” data breach targets.

Financial Services, 33 percent Hospitality, 23 percent Retail, 15 percent Manufacturing, 6 percent Technology services, 5 percent Business services, 4 percent Government, 4 percent Media, 4 percent Miscellaneous, 4 percent Health care, 3 percent

(Information adds to more than 100% because of rounding.) Source: 2010 edition of the “Data Breach Investigation Report” from Verizon Communications’ business consulting arm in cooperation with the U.S. Secret Service. Data from 2009.

“Many systems are getting harder and harder to crack,” Sheppard notes.“But once hackers discover a weakness, flaw, or common problem in an industry or organization, they want to replicate it as many times as they can, rather than concentrate on a sector where the ranks are closing.” Data breaches in the hotel sector have made news over the past year or so. In August 2009, Radisson Hotels & Resorts revealed that the computers at some of its properties in the United States and Canada had been hacked between November 2008 and May 2009. After revealing two financial information “compromises” in

[ FEATURE] “Schemes that involve gift cards are very worrisome because of the anonymity behind the cards themselves. It makes identifying the perpetrators a difficult task, no matter the flavor of any particular scheme itself.” –William B. Nelson, FS-ISAC

recent years, Wyndham Hotels & Resorts LLC announced additional credit card data breaches at 37 of its properties between October 2009 and January 2010. Earlier this year, luxury hotel chain Destination Hotels and Resorts notified customers that their credit card records “may have been compromised.”ABC News reported that Destination had been victimized by “an intense database attack that lasted over three months,” and quoted law enforcement authorities saying that losses, which totaled hundreds of thousands of dollars, averaged $2,000 to $3,000 on each of the estimated 700 credit card numbers stolen. On the flip side, some trends remain constant. For instance, smaller retailers have always been more vulnerable to attack.“Of the 80 percent of our cases that revolve around POS systems compromise, an overwhelming majority still concern Tier 3 and Tier 4 merchants, not those in Tier 1 and Tier 2,” Sheppard says.“Level 4 merchants remain the primary target of hackers,” affirms Sean Fuery, director of business development for Security Metrics, based in Orem, Utah. Unfortunately, many small merchants have been under the impression that PCI DSS compliance was sufficient to protect them from data breaches, “when it is really just the foundation of the armor,” says Sheppard. “In fact, in approximately 80 percent of our cases, the clients did not even have a firewall in place” as an adjunct to such compliance. Failure to achieve or maintain PCI DSS compliance remains a major contributing factor to financial information compromise.According to the Verizon/U.S. Secret 20 January 2011 | Transaction trends

Service study, organizations that suffer a data breach relating to payment card data are 50 percent less likely than the average organization to have become PCI DSS compliant and stayed that way. In a related vein, the study revealed that attackers are most likely to target the three aspects of PCI with which companies most struggle. “Of the 12 requirements that constitute the PCI DSS, three of them—protect stored data, track and monitor access to network resources and cardholder data, and regularly test security systems and processes—cover areas that are most vulnerable to security breaches,” the study notes.

Threats on All Sides The cause of incidents, the manner in which they’re executed, and the threat agents used to accomplish them are also changing. “External threats” originating from sources outside the organization and its network of partners—e.g., hackers, organized crime groups, and government entities, as well as environmental events like weather—sparked 70 percent of data breach occurrences examined as part of the Verizon/U.S. Secret Service study (down 9% from 2008). Also down are the number of data breaches linked to “business partners” (down 23%), such as suppliers, vendors, hosting providers, and outsourced IT support firms. “Internal threats,” or those originating from within an organization through company executives, employees, independent contractors, and the like, as well as the internal infrastructure, sparked 48 percent of data breach occurrences investigated, up 26 percent from 2008.

(Note that a number of breach investigations are launched for several factors so percentages add up to more than 100 percent.) As for how data breaches occur, “it’s a mixed bag,” says Nelson. He considers statistics from the Verizon/U.S. Secret Service study “a microcosm of things as a whole.” The study found that 48 percent of investigations stemmed from misuse of databases by “privileged” parties with permission to access the systems. Hacking also was associated with 40 percent of incidents, malware with 38 percent of cases, social tactics (use of social networks to get illegal access to data) with 28 percent (up 16%), and physical attacks with 15 percent (up 6%). Sheppard finds malware of particular concern: “It is where significant evolution is evident.” In 2009, malware was associated with 54 percent of data breaches suffered by organizations that engaged SpiderLabs; Sheppard pegs this figure at 75 to 80 percent for 2010. Disturbingly, malware is evolving in terms of its complexity and power, he says. In July 2008, a mid-size retailer engaged SpiderLabs in response to possible credit card fraud originating from a number of cards that had previously been used at one of its locations.The attackers were found to be employing, for the first time, a sophisticated form of malware known as “memory-parsing malware.” Such malicious software captures credit card data from POS systems’ memory rather than siphoning credit card data that is stored on a disk or is traversing a network in unencrypted form. The malware used by the perpetrators in this case incorporated a memory-dumper capability for copying systems’ payment process memory into a file, along with a memory-parser for scheduling memory “dumps” and parsing the output file for card track data, and a service creation utility for creating Windows service in order to maintain persistence. By the fall of 2008, creators had added functionality to the malware—specifically, tweaking it so that any unusual pattern of disk usage noted by merchants would not serve as an indicator of malicious activity and customizing the process memory target so that any POS software, instead of a single brand

How Breaches Occur

2009

Change from 2008

Misuse of databases by “privileged” parties with permission to access the systems

48%

+26%

Hacking

40%

-24%

Malware

38%

Social tactics

28%

+16%

Physical attacks

15%

+6%

Source: 2010 edition of the “Data Breach Investigation Report” from Verizon Communications’ business consulting arm in cooperation with the U.S. Secret Service. Note that many breaches are a result of attacks from multiple sources, so percentages add to more than 100 percent.

Who’s Behind the Breaches

2009

Change from 2008

External agents

70%

-9%

Insiders

48%

+26%

Multiple parties

27%

-12%

Business partners

11%

-23%

as had previously been the case, could be compromised regardless of make or model. Winter 2008 brought another wave of development, with the base code modified to enable the memory dumper, memory parser, and service creation applications to be handled by a single custom application “executable,” thereby reducing the malware’s footprint on the POS system and minimizing the ease of detection. Codes were also altered to suit specific POS system targets, and an FTP client was incorporated to instruct the malware to upload files containing track data to an external FTP server once file size reached 50,000 bytes. Further improvements were noted by SpiderLabs this past summer. These included a modification of time stamps on data files (designed to throw off investigators seeking to ferret out multiple event patterns in an attempt to build timelines of criminals’ activities) and the incorporation of an embedded encryption algorithm and key within the malware code to obliterate the content of output files containing

harvested track data.“This development is indicative of highly organized efforts on criminals’ part to reap financial rewards, and there is no reason to assume we have seen the last malware wave,” Sheppard claims.

Planning and Scheming Perpetrators are also pursuing other new means of executing data breaches that transcend threat agents. Perhaps most significantly, sophisticated criminals have developed myriad schemes around ACH debits, says Nelson. Rather than utilizing the ACH to “move money,” he explains, some hijack checking account data and leverage the system to fund and replenish gift cards. Others are hacking into the databases of remote deposit capture vendors as a springboard for generating ACH debits that are subsequently applied to gift card purchases. Intelligence pertaining to schemes of this type first appeared on FS-ISAC’s radar screen in July 2010; by the following

month, the threats had become reality, Nelson says. “Schemes that involve gift cards are very worrisome because of the anonymity behind the cards themselves,” Nelson says. “It makes identifying the perpetrators a difficult task, no matter the flavor of any particular scheme itself.” In a somewhat different vein, FS-ISAC has recently become aware of attempts by less-than-savory individuals to hack into payroll processors’ payee databases. Their objective: to alter payee information and, in turn, siphon funds for themselves. Meanwhile, although the incidence of traditional credit card skimming at the point of sale has yet to abate, “there are some new, related twists to the tactic,” says Boston-based data security expert and consultant Robert Siciliano, CEO of www. IDTheftSecurity.com. Siciliano points to a growing trend wherein criminals covertly replace merchants’ POS hardware with “rogue” equipment that can intercept credit and debit card data. Increasingly, he reports, the size of the devices is such that their presence within a terminal is difficult or even impossible to detect. To further keep merchants off the track here, perpetrators will apply a small (usually dime-sized) fake label or sticker on the exterior of the “replacement” equipment. At first glance, these stickers may appear official and bear legitimate product serial numbers. However, they are affixed there to conceal drill holes or other criminal entry points in the terminal. This reconfiguration process generally takes less than one minute. In addition to such device implantation schemes, criminals have begun to engage in the practice of installing rogue devices near terminals and splicing them into payment terminal network connections.They are also setting up more hidden cameras near payment terminals to capture PIN data. “There is no denying that it is getting harder for all types of perpetrators to compromise and steal data,” Siciliano concludes. “However, the schemes—and the breaches—will go on.” TT Julie Ritzer Ross is a contributing writer to Transaction Trends. Reach her at jritzerross@gmail.com. Transaction trends | January 2011 21

ISO Corner VERTICAL MARKETS

Real Deal on Property Management

ACH, not credit, opens doors to the real estate market By Julie Ritzer Ross

hile many industry players are calling real-estate the next hot vertical, pushing credit card processing services to building and property owners may not be the best way for ISOs to board accounts. Real estate definitely offers “significant opportunities” for ISOs, says Dan H. Breshears, president of Group Concepts in The Woodlands,Texas.The company’s merchant portfolio includes 3,600 real estate entities. But while these merchants are interested in leveraging electronic payments to eliminate headaches associated with paper-based payments, Breshears says only a handful have jumped on the credit card bandwagon. From difficulty in tracking and reconciling payments among tenants, to the appeal of making it harder for tenants to pay late, several factors are opening doors for ISOs, says Steven Feldshuh, vice president of business development at PayMint Associates, an ISO headquartered in Brooklyn, New York. “However, (such prospects) are not, for the most part, interested in accepting credit cards,” he notes. Several months ago, Feldshuh and his partner, George Sarantopoulos, worked with a vendor to develop a credit card acceptance solution geared to the real estate market, but their efforts were in vain. Two clients completed the necessary paperwork but stopped short of cementing the deal. Feldshuh attributes their cold feet to concerns about operating costs. “We decided that the only real place for credit cards in real estate is for the few that want to use it as a vehicle for collecting late or seriously overdue payments,” Feldshuh says.“And with interchange being what it is, that’s probably a very limited place.” None of this surprises Christian Murray, national director of business development at processor Global eTelecom (GETT) in Fort Walton Beach, Florida. GETT supports approximately 4,000 ISOs nationwide, many of which target the real estate vertical. Only a few, however, serve their constituents with credit card solutions. 22 Janaury 2011 | Transaction trends

“The market is much more attracted to electronic check and ACH transactions, which cost them a fraction of what they would pay in interchange,” he says.

ACH All the Way For Group Concepts and PayMint Associates alike, A CH debit and electronic check payments are the conduit to cultivating the vertical. The former provides real estate clients with private-label software tools for accepting rent and maintenance payments in electronic check form. The system also features several integrated components, including one for accounting and another for maintaining rent/maintenance rolls and occupant information. As an added incentive for boarding and to minimize attrition, Group Concepts designs and maintains a Web site for each client free of charge. Renters and occupants use the site not only to make payments, but also to exchange messages with management about maintenance issues and more. A second ACH solution garners prospects’ attention and enhances revenues by facilitating the collection of water, electricity, and/or sewer charges.“Many states require that occupants be billed separately for utilities and, in the case of developments with private homes, sewage,” Breshears notes. “The paperwork can be overwhelming, and checks get lost. We sell merchants on the convenience” and enhanced collection potential,“just as we do with the rent and maintenance collection piece.” Meanwhile, PayMint Associates is developing a program for landlords to accept rent payments through check cashing locations. Tenants will remit cash to the check cashing entities, which will electronically transfer funds to the landlords via the ACH system. “It can and will be positioned as an alternative to money orders,” which very few companies like to deal with,” says Feldshuh. Murray adds that ISOs interested in building their portfolios with a cadre of real estate entities also should consider extending ACH/electronic check payment

solutions beyond just collecting rent and maintenance fees. He cites parking garage operators associated with residential and office buildings as viable prospects. Moreover, he suggests that when selling ACH debit in the real estate arena, ISOs candidly explain that some tenants may need an additional push to move away from traditional payment methods. “ISOs should remind merchants that many, many people will love the idea of saying goodbye to writing a rent or maintenance check, but they may have trepidations about authorizing a landlord to execute an ACH debit each month,” he explains.“The best way to push them over the hump may be to propose a discount of some kind for a recurring ACH debit agreement.”

Beyond the Basics Offering other add-on options is equally worthwhile. ATMs are one good example. PayMint Associates recently installed about 12 ATMs at large residential buildings in Washington, D.C., approximately 10 in similarly sized buildings in New York City, and several in buildings in Florida. “Building management companies are very receptive to ATMs, not just because they are an additional source of income, but because they add another dimension of convenience for tenants,” Feldshuh says. Gift cards also can be lucrative. Several years ago, commercial property owners and managers in some sub sectors, such as shopping centers, began to offer private-label gift cards good at all or most of their stores.The momentum is now building elsewhere. For example, property management companies that handle large office complexes with a retail component have demonstrated interest in similar programs. “Real estate is truly far more multi-dimensional than most ISOs would assume,” Murray says. TT Julie Ritzer Ross is a contributing writer for Transaction Trends. Reach her at jritzerross@gmail.com.

ETA 2010-2011 BOARD OF DIRECTORS OFFICERS PRESIDENT Rick Pylant Chairman & President COCARD Marketing Group LLC PRESIDENT-ELECT Eddie Myers President & COO Payment Processing Inc. TREASURER Roy Banks CEO ACCELERATED Payment Technologies Inc.

Gary Goodrich CEO ProPay, Inc.

Jan Estep President & CEO NACHA

Kim Fitzsimmons Senior Vice President—First Data Services First Data Corporation

Sameer Govil Head of Acceptance Solutions Global Aceptance Visa Inc.

Robert McCullen CEO Trustwave

Gerry Wagner Vice President Discover Network

Diana Mehochko President First National Merchant Solutions

Steve Carnevale Senior Vice President/Group Head Commerce Development MasterCard Worldwide

Jeff Rosenblatt President EVO Merchant Services

SECRETARY Tom Wimsett IMMEDIATE PAST PRESIDENT Holli Targan Partner Jaffe, Raitt, Heuer & Weiss P.C.

Bryan O’Malley Vice President American Express

Debra Rossi Executive Vice President Merchant Payment Solutions Wells Fargo Bank

DIRECTORS Todd Ablowitz President

LEGAL COUNSEL Dave Goch Attorney at Law Webster, Chamberlain & Bean

Kurt Strawhecker Managing Director The Strawhecker Group

Robert Baldwin President & CFO Heartland Payment Systems Inc.

ex-officio Carla Balakgie CEO Electronic Transactions Association

Gregory Cohen President Moneris Solutions

Advertisers index Company

Phone

Web

866-437-0491

www.authorize.net

224-405-0900

www.discovernetwork.com

678-731-5236

www.elavon.com

Electronic Merchant Systems

800-726-2117

www.emscorporate.com

Process Pink Payments, LLC

708-316-4319

www.processpink.com

Security Metrics

801-724-9600

www.securitymetrics.com

Total Merchant Services, Inc

888-84-TOTAL x9411

www.upfrontandresiduals.com

866-872-3729

www.usaepay.com

Authorize.Net Discover Network Elavon

USA ePay

Page

Transaction trends | January 2011 23

Industry Insider

Best of Both Worlds Core partnerships and a hybrid business plan fuels Discover Network’s global growth By Bryan Ochalla

hen Discover Financial Services and its payments network, the Discover Network, launched less than 25 years ago, its founders wanted to be different, says Diane Offereins, executive vice president and president of payments services at the Riverwoods, Illinois-based company. Not only did the founders want to create a different kind of credit card, they also “wanted to carve out a network model that was very different from the competition,” Offereins says. The company opened in 1986 and began offering its full range of credit, debit, and prepaid cards and services by signing up merchants directly and individually. “We had a model that was more like American Express than Visa or MasterCard, which let merchant acquirers go “Most merchants are out and build their acceptance footprint,” Offereins explains. used to having a salesBut four years ago, the company person come in and plug changed the way it interacted with merchants. While it retained direct in a terminal. They don’t relationships with its top 2,000 merwant to think about chants—which Offereins estimates are responsible for 70 percent or what’s on the terminal; more of the company’s volume—it they just want to run formed partnerships with merchant acquirers to service the rest. As a retheir businesses.” sult, Discover now has partnerships — Diane Offereins with all of the top 100 merchant acquirers in the United States. “We wanted our acceptance footprint to feel a lot more like Visa and MasterCard and a lot less like American Express,” Offereins says of the change in strategy.

Strategic Mix Offereins describes the company’s current model as a hybrid:“We have a direct relationship with the top 2,000 or so merchants; we set our own price with them, and we settle with them directly.When it comes to all of the other merchants in the country, though, we have relationships with Elavon, First Data, and other acquirers that go out and bundle us with Visa and MasterCard. 24 Janaury 2011 | Transaction trends

“We wanted to fill that gap with merchants,” Offereins says of the switch in strategy, “and most merchants—especially small- to medium-sized merchants—are used to having a salesperson come in and plug in a terminal.They don’t want to think about what’s on the terminal; they just want to run their businesses.” Officials decided the best way for Discover to improve its acceptance would be for its products and services to be bundled and priced with Visa and MasterCard.“And we told the acquirers that we work with, ‘When you’re out selling your product, make sure we’re there and turned on,’” she adds. Although this new model has been deemed a success— the company is “somewhere north of 90 percent of all merchants today in terms of acceptance”—Discover officials are still trying to reach the last 10 or so percent of merchants. “This continues to be a journey for us,” Offereins says. “We have special arrangements with all of our acquirers that allow us to look at their existing portfolio of merchants. Whenever they see Visa and MasterCard activity but no Discover activity, they give us a list of those merchants, and then we partner with [the acquirers] to figure out how to get [the merchants] to accept Discover.”

Partnering for Success Partnerships with acquirers and issuers have played a vital role in the Discover Network’s success over the years. Recently, the company signed an agreement with Moneris Solutions, Canada’s largest merchant acquirer, which will expand Discover’s acceptance in the northern regions of North America. Similar agreements have been signed with China Unionpay, China’s only national payment network; DinaCard, the Serbian payment network; and JCB, Japan’s largest card issuer and acquirer. “So when a JCB card travels to the United States, it runs on the Discover Network, and we settle it back to JCB,” Offereins explains.“You’re going to see us strike more of these reciprocal deals, which allow networks outside of the United States to come in and leverage our footprint here to gain acceptance.” TT Bryan Ochalla is a contributing writer to Transaction Trends. Reach him at bochalla@yahoo.com.

GivinG it to you straiGht. real reps. real success.

i first joined total Merchant services because I felt like I could believe them. I stayed because they keep their promises â&#x20AC;&#x201C; my overall monthly and residual revenues keep increasing, month after month. the underwriters are superb. I always feel like my customers are safe. I feel like I have total control over my portfolio. Even in uncertain times, I feel secure because I am with a good, ethical company. Without a doubt, aMplify is the pulse of my business. The amount and quality of the information available via the Account Management Portal has made me efficient, effective, and most importantly, profitable. i always know with certainty what is going on with my clients. I can depend on daily emails to notify me of any updates and changes. This lets me focus on growing my business because I know my merchants are safe, secure and satisfied.

Jeff Schafer Iâ&#x20AC;&#x2122;m helping my clients, making great money, and having fun in the process.

see the difference for yourself. Join the team with a proven track record. Check out Total Merchant Services program details at www.upfrontandresiduals.com or call us toll-free at 1-888-84-total ext. 9411 Total Merchant Services (TMS) is a Member Service Provider for: HSBC Bank USA, National Association, Buffalo, NY.