Transaction Trends July 2010

Page 1

Transaction trends | July 2010

The Official Publication of the Electronic Transactions Association

Trustwave CEO Robert McCullen reveals security best practices from client investigations

Forensic

FILES

ALSO INSIDE: Mobile Payments Come Into Their Own Mastering the Art of the Referral Startups Manage Multiple Priorities

Focus. Stability. Trust. In turbulent times… experience becomes infinitely more important.

Selecting the right payments processor has always been important. In today’s economy it is absolutely critical. Choose Elavon – a partner who is focused solely on the payments business. You can rely on Elavon to continue making the investments necessary to successfully navigate the changing payments landscape. One World. One Source for Payment Processing...Worldwide.

www.elavon.com

©2008 Elavon, Inc. All Rights Reserved.

Transaction trends The Official Publication of the Electronic Transactions Association

Vol. 15 | No. 7

cove r s tory Cover photo by Wayne Wallace Photography

10 Forensic Files By Julie Ritzer Ross

Mistakes make great learning opportunities, says Trustwave Chairman, CEO, and President Robert McCullen. The exec shares lessons learned from the company’s breach investigation lab. 10

F EATU RES

14 Mobile

Payments Liftoff

By Richard H. Gamble With hardware and software innovations paving the way, mobile and alternative payments begin to mature.

19

17

Who You Know and Who They Know

SPE CI AL S ERIE S

Startup Stories: Juggling Acts

By Chris Morris

By Julie Ritzer Ross Our three ISOs balance business priorities with relationship growth.

New strategies come and go, but referrals remain the most effective way to land deals. Don’t screw them up.

17

d e pa rtm e n tS 14

5

President’s Message

6

Industry News

7

ISO Corner

6

7

Insights from ETA’s elected leader Trends, strategies, and news in the payments business Remote mobile check capture inches its way onto the scene

22

Vertical Markets

23 24

Ad Index

The value of teen debit solutions

Industry Insider Elavon serves merchants at every level Transaction trends | July 2010 3

Trust. Innovation. Collaboration. – TransFirst.

From zero To Transfirst

®

do you have a need for speed?

• Proprietary leading-edge tools: TransLead, which delivers pre-qualified leads, and TransGuard®, alerting agents when their merchants might be at risk of leaving • Available investment capital • Aggressive revenue share program • Timely and accurate monthly residuals • 96%+ merchant application approval rate • State-of-the-art training

With 15 years of experience in secure transaction processing technologies and services, TransFirst ® is now transforming the ISO/ISA arena. We’re more than a processor, we’re a valuable business partner, blending uncommon support to help streamline the merchant boarding process, as well as a menu of proprietary cutting-edge products. Whether it’s working capital, commission enhancements, or residual advance programs, TransFirst is here to keep your business on the fast track. Take TransFirst for a test drive today! Contact us at 866.969.3350, salesrecruiting@TransFirst.com, or visit www.TransFirstSales.com.

Electronic Transactions Association 1101 16th Street NW, Suite 402 Washington, DC 20036 202/828-2635 www.electran.org ETA Chief Executive Officer Carla Balakgie

President’s Message

ETA Director, Communications & PR Thomas Goldsmith

We Need You

Transaction Trends Publishing office: Stratton Publishing & Marketing Inc. 5285 Shawnee Road, Suite 510 Alexandria, VA 22312 703/914-9200

ou must have heard the news. The legislation regulating interchange has emerged from the House/Senate conference committee. It looks like it will be signed into law by the time you read this. Let me count the ways you have benefited, if you are a member, or you would have benefited, if you have yet to join, from your ETA membership on just this one issue. 1. You were apprised, every step of the way, on the status of the bill as it wound its way through the legislative process. 2. You received spot-on analyses on what the bill could mean to you and talking points on how to approach your legislator about it. 3. You had the opportunity to actively participate in the debate surrounding the bill and in influencing your representatives on its outcome. 4. You are able to receive a copy of the final bill through the ETA, when it is nearly impossible to locate it on your own. 5. You can rely on the ETA in helping you understand what the law means and on educating you on the direct effect it will have on your business and your livelihood. Now, more than ever, the acquiring business and the ETA need you to renew your ETA membership. If you are not an ETA member, we need your financial support and we need the increased influence ETA will enjoy by demonstrating a robust membership. In short, we need you to join. Aside from the above example, there are plenty of concrete benefits of membership, such as discounts on the Annual Meeting & Expo, the Annual Strategic Leadership Forum, and ETA University. But possibly the most important benefit you do and will gain is the opportunity that ETA membership offers. A few months ago, I noted that our association has through its two decades become a true community. Being part of that community opens many doors. You obtain access to opportunities for professional development, for building business relationships and personal connections, and for improving member companies and the entire payments industry. Those who volunteer for ETA committees help create our community, plan ETA events, guide the association’s direction, and shape the content of educational programs and publications. In the process, those who are active in the ETA community build lasting personal and professional connections that are invaluable to their companies and their own careers. Hear it for yourself: The animated conversation ever-present at ETA functions is a manifestation of relationships built through ETA participation. So if your organization is an ETA member, now is the time to renew that commitment. And if your company is not now a member, then now is the time to step up and become part of the growing, vibrant community that’s ETA. The industry is changing before our very eyes, and we need your support and participation. Please join us.

Publisher Debra Stratton Features Editor Angela Hickman Brady Managing Editor Josephine Rossi Art Director Janelle Welch Contributing Writers Richard H. Gamble, Chris Morris, Bryan Ochalla, Julie Ritzer Ross Advertising Sales Steve Schwanz or Fox Associates (800/440-0232; adinfo.eta@foxrep.com) Fox Associates Offices Chicago 312/644.3888 Atlanta 800/699.5475 Los Angeles 213/228.1250

New York 212/725.2106 Detroit 248/626.0511 Phoenix 480/538.5021

Ad Production/Billing Carrie Wood Editorial Policy: The Electronic Transactions Association, founded in 1990, is a not-for-profit organization representing entities who provide transaction services between merchants and settlement banks and others involved in the electronic transactions industry. Our purpose is to provide leadership in the industry through education, advocacy, and the exchange of information. The magazine acts as a moderator without approving, disapproving, or guaranteeing the validity or accuracy of any data, claim, or opinion appearing under a byline or obtained or quoted from an acknowledged source. The opinions expressed do not necessarily reflect the official view of the Electronic Transactions Association. Also, appearance of advertisements and new product or service information does not constitute an endorsement of products or services featured by the Association. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is provided and disseminated with the understanding that the publisher is not engaged in rendering legal or other professional services. If legal advice and other expert assistance are required, the services of a competent professional should be sought. Transaction Trends (ISSN 1939-1595) is the official publication, published monthly, of the Electronic Transactions Association, 1101 16th St. N.W., Suite 402, Washington, DC 20036; 800/695-5509 or 202/828-2635; 202/828-2639 fax. Postage paid at New Richmond, Wisconsin and additional mailing offices. POSTMASTER: Send address changes to the address noted above. Copyright © 2010 The Electronic Transactions Association. All Rights Reserved, including World Rights and Electronic Rights. No part of this publication may be reproduced without permission from the publisher, nor may any part of this publication be reproduced, stored in a retrieval system, or copied by mechanical photocopying, recording, or other means, now or hereafter invented, without permission of the publisher. Nonmembers, government agencies, $150 per year; single copy, $20. Subscriptions are available for 12-month periods only, at the quoted rates.

Y

Warm regards, Holli Targan Holli Targan is president of ETA and a partner at Jaffe, Raitt, Heuer & Weiss, P.C. Transaction trends | July 2010 5

INDuSTRYnews Prepaid and Gift Card Usage To Spike Fast Fact Conservative estimates show U.S. banks are losing approximately $1.4 million annually due to fraud in the remote deposit capture (RDC) channel. Between 300,000 and 350,000 accounts currently have RDC capability. Source: Aite Group

Although annual usage of prepaid and gift cards in the United States dropped 5 percent in 2009, Javelin Strategy & Research is predicting a market rebound in 2010 and dramatic growth over the next four years. Despite last year’s drop, Javelin forecasts prepaid usage will more than double and gift cards will more than triple, the latter reaching $6 billion by 2014.The firm points to lower fees, innovations, and product consistency as consumer motivators to buy more stored value and gift cards. “Government regulations that restrict gift card fees and expiration dates favor consumers and are vital to building the trust that can build adoption and use,” says Mary Monahan, managing partner and research director.“Lower costs and enhanced functionality are luring consumers back and boosting the volume and dollar

FUTURE’S BRIGHT, SAY SMALL BUSINESSES Nearly 80 percent of small business owners believe that economic conditions are either improving or holding steady, and 39 percent report their company’s financial situation is better than it was last year, according to a Capital One Small Business Banking survey. Another 38 percent say their firm’s finances have been stable over the past 12 months. While most (70 percent) of the small business owners surveyed say they are able to access credit or financing and more than half (60 percent) plan to maintain their current level of spending on business development and investments, the majority (62 percent) do not have plans to hire new talent over the next six months. Owners also continue to be mindful of future growth plans. Just over two 6 July 2010 | Transaction trends

thirds (69 percent) are looking to grow their business by increasing sales and number of customers, and 33 percent would like to expand their premises, add new sites, or move into new markets. When looking ahead to potential challenges over the next six months, almost half cite the ability to obtain new customers as one of the biggest challenges they will face, while 30 percent cite the need to maintain existing customers. Bank financing is still the primary funding source for the growth of most small businesses. Half of owners surveyed intend to finance their growth through commercial banks and lenders. One third plan to tap personal savings, and 9 percent intend to use financing from outside partners.

value of cards they purchase.” Regulatory issues and industry maturation also are driving consolidation of players in the market.The market need for one-stop shop, end-to-end providers may result in increased vertical integration versus the multiple niche players in the market today, the firm advises. Other key findings from the report: • Overall, 56 percent of consumers used a gift card in the past year; less than half that many used a prepaid card. • More than one in five U.S. households lacks a checking and/or savings account, while one in five underbanked consumers have used a prepaid card in the past 90 days. • The demographic of consumers receptive to prepaid and gift cards is evolving as merchants and service providers offer payroll and travel products, Internet and mobile device access, and micropayments and teen spending control options.

20 YEARS

ETA Anniversary Fast Facts

› ETA’s Advisory Council has representation from each of the four card brands. In 1993, Visa joined, followed by MasterCard in 1995, American Express in 1996, and Discover in 2000. › In 2009, NACHA joined ETA’s board of directors as an advisor.

These moments in ETA’s history are brought to you by Inventrak-Retail Cloud.

ISO Corner

Mobile Deposits on the Move

Cell phone image capture makes its way—slowly—onto ISOs’ radars By Julie Ritzer Ross

S

ince the October 2003 enactment of the Check Clearing for the 21st Century Act (Check 21) began paving the way for its adoption, remote deposit capture (RDC), in which users employ fixed scanners to capture information from checks for deposit, has been gaining momentum. However, a new payment wrinkle—mobile remote deposit—has entered the fray, bringing with it potential opportunities for ISOs as well as some competitive barriers. RDC users employ fixed scanners to capture information from checks for deposit. In the mobile deposit scenario, merchants and consumers use cell phone cameras to take pictures of the front and back of the check they wish to deposit. Software contained within the phones converts the photographs into digital images that meet Check 21 standards and transmits them to the appropriate bank for deposit. If statistics and analysts’ perspectives are any indication, a viable market and target audience for mobile deposit indeed exists.

Viable New Market “Mobile scan technology is a natural evolution of RDC and represents a logical way” for ISOs and financial institutions to “expand their RDC client base,” says Bob Meara, senior analyst at Celent, a Bostonbased financial research and consulting firm. These entities will likely look to current RDC technology providers to bring to market targeted solutions like mobile deposit to address high-value market segments. Moreover, nearly one third of bank and credit union customers cited a palpable need to offer mobile deposit capture services to their business customers in a recent survey conducted by Brookfield, Wisconsin-based financial technology solutions provider Fiserv Inc.  An even greater percentage of those survey participants—70 percent—believe their customers would benefit from the ability to scan checks “in the field” via mobile deposit

technology. The majority of respondents identify small businesses that sell products and services at the buyer’s location—such as home appliance repair services and food and beverage distributors whose drivers collect payment upon delivery—as good bets for conversion to mobile deposit capture. Nearly all respondents also indicate that customers in these targeted segments would pay for mobile deposit capture services, which would open the door for recurring revenue generation. Perhaps even more significant, survey participants would first consider offering mobile deposit capture services to their

public announcements have been issued. Yet despite this news, ISOs with a taste for mobile deposit may not have to worry about undue competition from banks for merchants’ business. Of respondents to the Celent survey, 49 percent intend to concentrate on the consumer side, rather than the business side, of the market. Mitek originally expected mobile deposit technology to be embraced primarily by small business owners whose work is performed in the field—plumbers, electricians, and contractors, as well as collection agents for utility and telecommunications firms—and may be seeking an alternative

small- and medium-sized business customers that currently use merchant or corporate RDC.There is no reason why ISOs that serve “uninitiated” clients in these two tiers would have a harder time cultivating them than their financial institution counterparts, says Meara.

to credit card acceptance on the go. However, a year-long analysis of the market convinced the company that it and its bank partners will see an audience composed of mostly consumers, not merchants.“Consumers are very willing to use products that save time and are also convenient,” DeBello says. Meanwhile, the development of mobile deposit solutions by providers outside the financial services sector will also help ISOs grab a foothold in this arena. For example, Alpharetta, Georgia-based Ingenico has launched Ingenico ROAM, a suite of mobile applications that includes ROAMpay and ROAMbuy. Configured in cooperation with ROAM Data Inc., a mobile application service provider headquartered in Boston, the patented technology allows nearly 200 million U.S. customers to leverage mobile deposit on hundreds of different devices, ranging from smartphones to feature phones running J2ME and Brew, regardless of cellular carrier.

Banks in the Mix A number of banks have reportedly made the leap to mobile deposit. Mitek, a financial solutions provider headquartered in San Diego, has “dozens” of large financial institutions in its stable of mobile deposit clients, according to James DeBello, president and chief executive.“We believe 2010 is the year of mobile capture, with several banks launching it,” he says, declining to reveal the names of the financial institutions with which Mitek is working. Bank of America Corp. also is rumored to have remote deposit technology irons in the fire. However, a spokesperson would not confirm or deny this rumor, and no

Transaction trends | July 2010 7

ISO Corner

ISOs attempting to promote Ingenico ROAM to merchants can position the applications as able to leverage merchants’ existing mobile technology without changing phones or networks, notes Christopher Justice, president, North America. “The sales message to merchants can be greatly simplified,” he observes.“There are no complicated discussions about changing phones and carriers.” Similarly, NetDeposit Inc. of Salt Lake City is expanding its deposit capture portfolio. The company already offers several RDC solutions that work with traditional scanners. Recently, it inked a deal to incorporate Mitek’s mobile deposit platform into a product designed for use by merchants and other small businesses.

Risks Worth Taking Still, not all potential players on the mobile deposit field are ready to get into the game. “While the idea may be very attractive to merchants, there remain some secu-

Mobile scan technology is a natural evolution of RDC and represents a logical way for ISOs and financial institutions to expand their RDC client base. rity questions to be addressed before we can explore it any further,” asserts Steven Feldshuh, vice president, business development, at ISO Paymint Associates in New York. A majority of respondents to the Fiserv survey indicate that any mobile banking application they deployed would have to include Login and Logout Authorization

(Federal Financial Institutions Examination Council), 128-bit encryption of data on phones, Secure Socket Layer (SSL) encryption over the air, and Check 21 compliance. The “current risk and compliance concerns are powerful ones,” Meara affirms. The analyst cites a recent survey of banks conducted by Celent, in which these factors were deemed the most common reasons for not adopting mobile capture technology. “These fears are not entirely unfounded, especially on the compliance risk side since the current guidelines from the FFIEC do not make any explicit reference to mobile capture,” Meara says. Nonetheless, they “should not be strong enough” to prevent mobile deposit from moving onto ISOs’ roster of services and technologies worth exploring. TT Julie Ritzer Ross is a contributing writer for Transaction Trends. Reach her at jritzerross@gmail.com.

Learn Without Leaving Your Desk A new series of online, cutting-edge, educational seminars to help enhance your knowledge in a wide variety of payment topics.

Choose the online course that’s right for you:  Introduction to Electronic Processing  Introduction to Sales and Marketing  Introduction to Operations  Sales Channel Development

Member $195/each Non-Member $295/each Register online:

www.electran.org Or call ETA:

1-800-695-5509

8 July 2010 | Transaction trends

The Future of Payments, Today.

SAVE THE DATE

October 26-28, 2010 THE BREAKERS • PALM BEACH, FL

KEY NOTES 8 Of more than 200 breach investigations conducted by SpiderLabs in 2009, 98 percent involved purported credit card data compromise. POS systems represent the easiest target for card-present fraud.

8 Educating merchants about how the simplest mistakes can lead to data breaches, and seeing to it that they have “staple� controls in place to reduce the odds, is a good start.

8 Many large organizations have focused efforts on big-picture items, such as securing their cloud computing space, while neglecting the basics, like passwords and software patches.

8 If a merchant has or suspects a breach, it’s critical to start by immediately containing and limiting data exposure, as well as data leakage, including removing the suspected system from the production environment, preserving all available logs, and more.

[ COVER STORY ]

Forensic

FILES

TRUSTWAVE’S SPIDERLABS GETS DOWN AND DIRTY TO BOTH REVEAL AND DEVELOP STRATEGIES TO AVOID THE WORST BREACHES By Julie Ritzer Ross

Wayne Wallace Photography

F

or ISOs, effectively serving as merchants’ trusted advisors includes assisting them with data security issues—from guarding against system compromise to grappling with breaches. A broad base of knowledge, available at least partially from solution vendors that play in the market, is essential in fulfilling this role. “There are definitely many lessons ISOs can learn from our experience and either pass on to merchants or apply in the course of serving them,” says Robert J. McCullen, chairman, CEO, and president of Trustwave, a Chicago-based developer of on-demand and subscription-based information security and payment card industry compliance management solutions. In 2005, Trustwave formed SpiderLabs, an advanced security team within the company focused on forensics, ethical hacking, and application security testing. SpiderLabs has performed

hundreds of forensic investigations, thousands of ethical hacking exercises, and hundreds of application security tests globally. Transaction Trends recently talked with McCullen about some important lessons culled from SpiderLabs’ ground-breaking work. Following are excerpts: TRANSACTION TRENDS: What type of data is most often compromised, and who is most frequently responsible for identifying breaches? Robert J. McCullen: Of more than 200 breach investigations conducted by SpiderLabs in 2009, 98 percent involved purported credit card data compromise. POS systems were breached the most frequently because they represent the easiest target from which criminals can obtain the magnetic stripe data they need to commit cardpresent fraud. In fact, well-known vulnerabilities and the sheer volume of potential targets make Transaction trends | July 2010 11

[ COVER STORY ] POS systems especially “low-hanging fruit,” even to novice attackers. E-commerce systems represent an emerging target in credit card data breaches; they figured into 11 percent of our cases last year. ATMs, too, received their share of attention last year, and this is a trend that will almost definitely continue. In most instances, attackers successfully exploited the environment that housed the machines’ financial transaction switch and related financial application programming interfaces. This gave them access to magnetic stripe data in conjunction with a PIN or PINs and, in turn, cash. In our 2009 cases, the breach of data from ATMs was mostly contained to hardware tampering, with perpetrators physically inserting skimming devices and hidden cameras to capture magnetic stripe data and PINs when entered into the machines. The remaining cases centered on breaches of authentication credentials, financial information, health-care information, and other miscellaneous sensitive data—each of which generated less than one percent

12 July 2010 | Transaction trends

of our work. Only 18 percent of all investigations proved inconclusive, with no evidence of an attacker or attackers having accessed or retrieved system data. In terms of alleged breaches, 80 percent of those we later investigated were uncovered by external regulatory bodies, such as credit card companies with access to the client’s data. Nine percent of the alleged breaches were detected by clients themselves; 8 percent by the affected organization or one of its customers; and 3 percent by law enforcement agencies. TRANS TRENDS: Based on SpiderLabs’ investigations, are any markets served by ISOs especially vulnerable to data compromise? McCullen: Yes, absolutely. Of the clients for which we investigated possible data breaches in 2009, 38 percent were in the hospitality industry; 14.2 percent, in the retail vertical; and 13 percent, in food and beverage. TRANS TRENDS: ISOs can play a role in helping their merchant clients avoid data

breaches by recommending thorough assessments of their applications and networks. What type of assessment exercises does SpiderLabs perform? McCullen: There are several, including: • A pplication penetration testing. This is an attack simulation intended to expose the effectiveness of an application’s security controls by highlighting risks posed by actual exploitable vulnerabilities. For example, staff will attempt to perform an “SQL injection,” wherein malicious code is injected into the database in order to manipulate it and, in the case of hackers, gain illegal database access. Other methods of performing application penetration testing include, but are not limited to, trying to bypass the authentication process for accessing a system, manipulate a URL, or modify an embedded cookie. • Internal and external network penetration testing. In the most common internal testing scenario, a consultant reports for work posing as a regular employee or contractor. Using the same (or slightly lesser) system access levels as real employees in the role being simulated, the consultant iteratively tests all access controls in an attempt to acquire critical data. A remote probe appliance can be placed anywhere in the world and allows our experts to remotely perform tests as if they were physically present within the environment. • Code review. This type of assessment entails detailed inspections of application source code. T   he vulnerability of the tools and commercial applications used to create and run front and back-end services is assessed. • Social engineering and physical security assessment. The remote social engineering assessment determines whether employees of a given organization are, through social networking channels like Facebook, making available or overtly providing information to unauthorized parties. To complete this exercise, members of our team pose as legitimate employees, business partners, vendors, suppliers, customers, technical support, facilities workers, etc., of the client in question and try to leverage social networking vehicles to obtain information that really should not be released.

E-commerce systems represent an emerging target in credit card data breaches; they figured into 11 percent of our cases last year.

The physical security assessment works as its name implies.  We will perform iterative tests of physical security controls, going as far as to walk into a client’s premises with a pizza that was supposedly ordered and attempt to get behind the scenes to deliver it. TRANS TRENDS: What else can ISOs do to help protect their merchant clients from data breaches? McCullen: Educating merchants about how the simplest mistakes can lead to data breaches, and seeing to it that they have “staple” controls in place to reduce the odds, is a good start. In the course of our client work over the past year or so, we have seen many large organizations focusing their efforts on big-picture items, such as securing their cloud computing space, while neglecting the basics, like passwords and software patches. If they aren’t paying attention to these details, then ISOs’ merchant clients probably aren’t, either. Remind merchants to keep their antivirus software up-to-date; there is a tendency to let subscriptions lapse when they expire. ISOs might also double-check that merchants have the proper software patches in place. Additionally, the risk of data breach can be reduced if ISOs do their part to connect merchants only with those valueadded resellers (VARs) that understand the rudiments of data security. Most of the compromised systems we investigated in 2009 were managed by a third party, VAR, or otherwise. In these situations, the third

party introduced many of the deficiencies that were later exploited by attackers, such as using default vendor-supplied credentials and insecure remote access applications. The mistakes made by VARs and other third parties that don’t have a foundation in data can cause major problems. For instance, neglecting to passwordprotect a merchant’s system or assigning too simple a password leaves the back door to the entire system wide open and makes the entire network extremely vulnerable to attack. TRANS TRENDS: What should ISOs instruct their merchant clients to do if they experience a breach of sensitive data, or even suspect that such a compromise has occurred? McCullen: It’s critical to start by immediately containing and limiting data exposure, as well as data leakage.This means: • removing the suspected systems from the production environment. If the systems are Internet accessible, disable access to and from the Internet. • isolating compromised systems from the network. For example, unplug the network cable. However, do not turn off the compromised terminal or other machine. • preserving all available logs (firewall, IDS, Web server, operating system, remote access, etc.). These may be useful in identifying the source and extent of the attack. • creating and maintaining a detailed log

of events, observations, and actions taken after the breach has occurred or is suspected to have occurred. A timeline format is best. • contacting a third-party firm to conduct a forensic audit.  Ask an ISO and/or other merchants for recommendations. TRANS TRENDS: Is there anything merchants and ISOs absolutely should not do when a data breach is discovered? McCullen: Monkeying with a compromised system in any way, other than to separate it from the network,  is a major no-no. It could later be construed by authorities as an attempt to alter or erase evidence. TRANS TRENDS: Obviously, merchants that experience a breach must also follow a certain breach notification protocol. Who needs to be notified, and when? McCullen: All notifications should be issued within 24 hours after a data breach. If the breach involves credit card data, the list of entities to contact should include any internal information security group, officer, and/or response team; the merchant bank; the card associations; and the local offices of law enforcement agencies, such as the U.S. Secret Service. File a report with local police as well. In the case of a breach that is not associated with credit card data, merchants must still report the event to the internal information security group, executive management, the board of directors, and area law enforcement authorities, as well as the local offices of the U.S. Secret Service and/ or FBI.Vendors or sister operations whose systems are connected to the merchant’s network must also be told of a breach. So, too, must the merchant’s customers and the general public, along with the media as needed. Even if ISOs consistently apply these lessons and impart them on merchants, there is no 100 percent guarantee that the latter will never experience a data breach. However, the greater the adherence to these tenets, the lesser the potential for trouble. TT Julie Ritzer Ross is a contributing writer to Transaction Trends. Reach her at jritzerross@gmail.com. Transaction trends | July 2010 13

[ FEATURE]

Mobile Payments

Liftoff

With a surge in apps around the iPhone, mobile payments open new merchant segments and improve targeted marketing By Richard H. Gamble

14 July 2010 | Transaction trends

T

he burgeoning popularity of Apple’s iPhone has brought a flowering of Web 2.0 payment applications to market. And that’s just for starters, predicts consultant Cliff Gray, associate and payment systems expert at the Strawhecker Group. “We’ve seen a lot of product announcements this year built for the iPhone,” he says.With smartphones, mag stripe, and barcode readers and intelligent payment applications, mobile payments are truly coming into their own, he says.“With the hardware in place, we’ll be seeing a lot more applications built around them. Now it’s mostly branded credit card acceptance, but alternatives will follow quickly.”

For several years, tech-savvy consumers have shown they want to move as much business and personal communication as possible to a succession of smartphones and personal data assistants (PDAs) that have grown increasingly sophisticated and popular. Now, those smart mobile devices are becoming the terminal of choice for a growing number of merchants as the mobile payments revolution hits the sell side. Hypercom, Verifone, and USA e-Pay all announced new devices earlier this year, Gray reports. If the iPhone is leading the way into a mobile future for commerce, where better to see that future than an Apple store? In the brick-and-mortar world, you’ll find a large building with maybe 30 sales associates on the floor and just one cash register, explains Steve Elefant, chief information officer at Heartland Payment Systems in Princeton, New Jersey. The sales associates each carry in a holster a compact iTouch (an iPhone without the phone). When you’ve found what you want to buy, they use their iTouch to ring up the sale with a built-in barcode reader. Then, they use an attached magnetic stripe reader to put through the payment, Elefant explains.The buyer can present a physical credit or debit card to be swiped. The sales associate then hands the iTouch to the buyer, who signs it on the screen with his or her finger.  The receipt is e-mailed to the buyer or printed in the store. And that’s it. “I’m out of there in a minute. There is no line, no trip to the cash register,” Elefant says.“This is very creative technology that has a lot of potential applications.”

Plumbers, Electricians, Girl Scouts While the rewards may be apparent in a high-tech Apple store, they’re probably greater in the low-tech realm of small businesses like carpet cleaners, lawn services, pet groomers, physical therapists, plumbers, electricians, ballpark vendors, arts and crafts show merchants, and, quite possibly, Girl Scouts. These traditional cash and check vendors can now get a pocket-sized mobile device that costs under $100 and comes equipped with a card swipe reader and communication capability to get authoriza-

“There is a lot of experimentation in retail right now.” —Stuart Taylor, Hypercom

tion and transmit the payment to a processor. For ISOs, this opens a vast new market of low-volume, hard-to-find merchants waiting to be acquired.“This is a great opportunity for sales reps to expand the market of merchants that take card payments,” Elefant points out. Enterprising ISOs should align themselves with one or more of the mobile device providers like Hypercom,Verifone, and USA e-Pay and aggressively market the new technology to their existing clients, as well as seek ways to tap new vendors among small, mobile service providers, he recommends.“Salespeople have solutions to offer that previously were just not there.” Terminal makers have seized the opportunity to provide the card-swipe and barcode-reader attachments. “It opens up new markets for smartphone users,” says Stuart Taylor, vice president of marketing at Hypercom.“There might be a small crossover in the low end of the traditional market, but it definitely means a net increase in total market size. There are 800,000 sole-proprietor businesses in the U.S., and many of them are already smartphone users for business activity. Some of them have inventory applications connected to their phones. Payment applications give them the ability to take card payments.” When you can carry a wireless terminal in your shirt pocket, “it opens up a lot of verticals that previously were not viable for card acceptance,” Gray points out. Door-todoor salespeople will start using them, he predicts. It not only allows them to accept cards, but it’s a completely electronic solution—quicker, easier, and safer than any of the previously available alternatives, he explains. Before, small mobile sellers who accepted cards often would write down card numbers and key them in later, which was slow, not at all secure, and completely out of compliance with PCI, he notes.

Mag Stripes and Barcodes Hypercom has attachments available that provide mag stripe readers or those swipe readers plus barcode readers. If the device has a barcode reader and the merchandise is barcoded, the barcode is read, much like it would be read at a cash register, and then the card is swiped, like it would be at a fixed POS terminal. Individual-to-individual payment applications are proliferating in the Web 2.0 space, but Hypercom is targeting business sellers and is content to make the equipment and leave it up to its traditional sales channels to sell it, Taylor says. “We’re not going to compete with our ISO customers.” The devices are very compact and lightweight, he notes. Hypercom sells them wholesale to acquirers and ISOs, who determine their mark-up and what the merchant would pay. While you can get an inexpensive entrylevel mobile device with mag stripe reader for $100, devices that include batteries and barcode readers typically go for several hundred dollars, notes Elefant. Security is a work in progress.“There are fewer controls around mobile payments,” notes payments consultant Bob Hughes, senior vice president at Speer & Associates in Atlanta. “It’s easier to hack into or

KEY NOTES 8 Traditional cash and check vendors can now get a pocket-sized mobile device that costs under $100 and comes equipped with a card swipe reader. For ISOs, this opens a vast new market of low-volume, hard-to-find merchants.

8 Terminal makers have seized the opportunity to provide the card-swipe and barcode-reader attachments.

8 Security is a work in progress and may be one reason Web 2.0 technology hasn’t yet penetrated the payments world completely.

8 Enthusiasm over mobile payments breakthroughs needs to be tempered with recognition that cost and the adoption curve remain powerful drags on innovation.

Transaction trends | July 2010 15

[ FEATURE] scam the system.” Even the ratings used by companies like eBay to indicate seller reliability have to be policed to avoid bogus testimonials, he notes. Security concerns are a reason why Web 2.0 technology is primarily a phenomenon of the Facebook and YouTube worlds and hasn’t penetrated the payments world very far, Hughes says. “Most of the current readers attached to BlackBerrys and iPhones send data in clear text,” Elefant notes,“but we are working on an encryption reader that can be plugged into the devices.” The mass of small merchants does present a sales challenge, Taylor concedes, but ISOs will find them through the banks where they have their business accounts or through deals with trade associations for electricians, plumbers, etc., he says.

Lumber, High Fashion, Eateries While the obvious target for card-accepting smartphone terminettes would be small, independent businesses, don’t count out the tier 1 retailers, Taylor says. “There is a lot of experimentation in retail right now,” he notes. Home improvement vendors are experimenting with giving mobile devices to customer service reps who roam the stores. They use them for price look-ups, but could use them to complete a transaction in the aisle, he explains. But there’s more: • High fashion stores: “They really push personalized service. The store person who helps you find and try on selections could check you out at the fitting room instead of sending you to a cash register,” says Taylor. • Full-service restaurants: A waiter could present the bill on a mobile device with a mag stripe reader attached. The diner could swipe his or her own card on the spot, sign with a stylus or finger, and be on his or her way, with no worries about having their card number leave their side, Elefant explains. Many restaurants that offer table-side card payments are using solutions that are expensive and out of compliance. Now, they can switch to something cheaper and more secure. • Fast food restaurants: You can now order fast food from several franchises on your smartphone before you arrive 16 July 2010 | Transaction trends

and simply tap the phone on a device at the point of sale when you pick up the order, reports Donna Embry, senior vice president for strategic product development at Payment Alliance International in Louisville, Kentucky. “It’s a cool new front end for the front end,” she says. • Hotels: If there was a long check-out line, additional staff members could work the line with mobile check-out and payment devices, Elefant says.

New Front, Old Infrastructure Now in trial phases are a number of Web 2.0 alternative payment schemes that use prepaid accounts or ACH settlement or billing through phone providers for convenience or to bypass interchange. However, most of the payments still move through the nifty front end to established credit and debit card settlement infrastructure, which makes them especially saleable for ISOs, says Gray. “  Numerous credit and debit card gateways and processors will support these applications today.” T   hey fit perfectly into the functioning infrastructure, and some even work with smart cards, he says. Lightly used nonbank payment alternatives, some of which draw on a prefunded account, some of which are tagged to a credit card, and some of which use ondemand debit, have proliferated, reports Hughes, who isn’t impressed. “A lot of these are flash-in-the-pan ideas, offered by small startups. They’re handy when they work, but when they don’t, the user is in a world of hurt,” he says. While users buying mobile apps may think they are charging purchases to their phone accounts,“the phone providers put a credit card behind the phone number,” explains Dan Mangus, chief technology officer at Braintree Payment Solutions in Chicago, and sellers do pay interchange. Enthusiasm over mobile payments must be tempered with recognition that cost and the adoption curve remain powerful drags on innovation. Mobile, like any payment innovation, face the realities of adoption rates, notes Kevin Grieve, president and CEO of Denver-based Mocapay. “Visa invests a lot in marketing its brand as ‘everywhere you want to be,’ but if you’re using mobile, it’s not accepted everywhere,” he notes. Only 3 percent of the

6 million merchant locations can accommodate tap-and-go mobile payments. That’s why Mocapay has gone after the closed loop world and specialized in gift cards for its electronic wallet carried in a mobile device. In a typical open-loop transaction, you have to get three parties on board besides the consumer—the merchant, the issuer, and the acquirer. In a closed-loop system, the merchant is the issuer and the acquirer, as well as the acceptor. If a merchant buys in, that brings acceptance at all of that merchant’s locations. When mobile payments are hardware enabled, the cycle time is 18 months for consumer handsets and seven to 10 years for POS systems, Grieve notes.Those hardware change times can slow adoption of new technology. Software is updated more often, which is one reason Mocapay opted for a Software-as-a-Service solution. Operationally, a Mocapay user with a merchant gift card loaded in his or her mobile device would choose merchandise and then punch a button on the device to get a six-digit payment code, which the shopper might read orally to the clerk, who would punch it into the POS system.  Alternatively, the shopper might punch the numbers into a PIN pad, or the number could be communicated by scanning a barcode, Grieve explains. While issues remain around mobile settlement, Web 2.0 has brought a revolution to how communication takes place in the payments space as well as enabling Facebook and YouTube, Embry says. “It opens everything up. We can communicate with all our vendors, clients, and market partners in one instant messaging system. And it’s interactive, rather than the static messages sent by e-mail. It’s an exciting way to get a message out there in a totally interactive way. You can use a PC, but you’re not tied to it any more.” For merchants, the allure so far is not in clearing payments in ways that avoid interchange. Instead, it’s in building sales by cultivating closer communication with important customers, Embry reports. TT Richard H. Gamble is a contributing writer to Transaction Trends. Reach him at gamble10@earthlink.net.

»

Startup Stories:

A special series following three newly launched ISOs (9th installment)

Juggling Acts Startups manage multiple priorities, while also striking up new relationships By Julie Ritzer Ross

» Express Transact, Orem, UT » Leap Payments, Agoura Hills, CA » Paymint Associates, Brooklyn, NY ISOs We’re Following:

C

hange and challenge continue to be the dominant forces for Transaction Trends’ three ISO startups. “Operating as an ISO today—especially as a startup ISO—is a balancing act at the beginning,” says Steven Feldshuh, vice president of business development at Paymint Associates (formerly Paymint Partners) of Brooklyn, New York. While Feldshuh and his partner, George Sarantopoulos, originally believed a time would come when they’d have “fewer balls in the air,” that hasn’t happened.“We have to keep watching for the next ball,” Feldshuh notes. Feldshuh and his team did plenty of juggling at the ETA Annual Meeting & Expo last April.Among their objectives in attending the meeting was finding several partner companies to handle high-risk merchant accounts and payment processing clients based abroad.“Our company is big on developing a diverse sales group, and we are starting to be asked whether we would

accommodate high-risk clients and/or do deals outside the U.S.,” Feldshuh says. During the ETA meeting, Paymint Associates signed an agreement with Payvision, as well as another company, for high-risk processing and for deals inked with foreign merchants whose business is conducted on the Internet. Payvision, which maintains its U.S. office in New York City, offers a suite of credit and debit card payment solutions in cooperation with several major European, American, and Asian banks. Paymint Associates went with Payvision in part because its credit/debit card services accommodate more than 150 currencies, feature very competitive rates, and are deployable worldwide. Feldshuh and his team also shopped the ETA Expo floor for providers of cash advance services and found two companies to work with. “This is not an area we concentrate on, but we are still getting requests for it on a daily basis, and we want to be able to honor them.” They also looked for companies that could help them accommodate the many merchants that have asked about credit and debit card processing via the Apple iPhone. “This is one of hottest inquiries today,” says Feldshuh. Paymint Associates inked a deal with The Phoenix Group, a POS solutions distributor headquartered in New York City, which will allow Paymint to serve as a reseller of VeriFone’s iPhone solution. Unfortunately, the company wasn’t able to identify a POS system vendor to team up with, but Feldshuh, seeing the growth potential in this area, is still looking. In other developments, Paymint Associates management recently decided to consider a move to working with an ISO of Global Payments, rather than maintaining a direct relationship with the company. “Most people would choose to go in the Transaction trends | July 2010 17

»

Startup Stories:

A special series following three newly launched ISOs (9th installment)

opposite direction, but we realized that in order for us to maintain a low overhead, be profitable, and be able to focus on the sale and development of our own products, we needed the assistance of a strong hand on infrastructure,” Feldshuh explains. At presstime, Paymint Associates was anticipating making Louisville, Kentucky-based Payment Alliance International that “strong hand.” “The change from our program to a revenue-sharing model was given much thought,” Feldshuh states.“We looked at the approval rate, the ease of account boarding, and, most of all, the people at the company, and decided it made sense to go forward with this move. Additionally, we realized the importance of getting an upfront cash bonus on account activations. With the upfront money from sales or leasing of terminals almost non existent, we realized we needed to offer upfront dollars to attract agents. Yes, our company’s percentage of residuals is less, but we now have many more hands to handle our agents’ accounts.”

Basking in the Spotlight Technology has been a recent challenge for Leap Payments Inc., according to CEO Will Detterman. Attaining an objective to establish compatibility between its processor and wireless communications provider took the ISO longer than Detterman anticipated. “It seems that whenever you push the envelope on what’s specifically certified, you spend more time than usual making every (systems component) ‘talk’ seamlessly,” he explains.“Now that we’ve resolved the issues, however, we can leverage what we learned and are able to provide better solutions for our merchants.” Detterman believes that despite any annoyance it may have caused, investing the extra time and effort to remediate the compatibility problems now, rather than postponing the inevitable, proved worthwhile. Instead of “selling the same old stuff” as its competitors, the ISO is able to tout wireless payment processing offerings that are a cut above those available elsewhere, he asserts. To minimize similar challenges, as well 18 July 2010 | Transaction trends

as to add value for merchant clients, Detterman and his team remain vigilant about monitoring new technology and solutions developments. The ETA Annual Meeting & Expo was particularly beneficial in that regard, he says. Meanwhile, Leap Payments continues to reap the benefits of recent coverage in American Banker.While the ISO received several referrals as a direct result of the article, Detterman is happier about the fact that it “helped put us on the map via mentions in other publications as well as on Web sites and online blogs.” He encourages other ISOs to welcome media exposure instead of shying away from it because they are occupied with other matters, wary of disclosing excessive information, and the like. “Publicity is always welcome if you’re doing the right things,” Detterman says. “You never know what article will get you noticed by the right person and project your business to a new client, new channel, or even a completely new venture.” As for changes, Leap Payments has begun to delve into targeted marketing initiatives in an effort to ramp up its business. While Detterman declined to elaborate, he notes that the move came after months of observing the reaction of merchants in different target market segments to specific marketing messages. “As a smaller ISO, it’s most important to service your merchants and focus on what makes you unique,” Detterman adds.

Finding a New Stage

Solutions of Henderson, Nevada, to spearhead development of its X-Charge Payment Processing division. CAM Commerce Solutions develops, markets, installs, and services highly integrated POS, enterprise resource planning (ERP), and payment processing solutions for small to medium-size retailers. These integrated applications include: POS, electronic payment processing, inventory control, e-commerce shopping cart, gift card, customer loyalty, and extensive management reporting systems. In his new position, Davis is currently grappling with the transition from a fledgling ISO organization to an established one that is “structurally sound, profitable, and well-managed, but with a ‘startup’ atmosphere.” He says the move has been smooth, but “has presented some new challenges in terms of learning curve and growth for me.” The fact that CAM plans some as-yet-undisclosed changes for X-Change has added a new layer of complexity to the process, but a “fun one, where things could not be better.” Davis attended the ETA Annual Meeting & Expo for one day.“I love that show, and it was the first time I was able to attend in quite some time,” he notes.“In my mind, these shows provide three things—educational opportunities, including industry updates; chances to connect and re-connect with friends, associates, and service providers; and reassurance to the sales force (ISOs and agents) that the companies they work with are still around.  And so am I—I’ve just gone in a different direction.” TT

As Transaction Trends reported last month, Richard Davis, former vice president of merchant services at Express Transact, recently joined CAM Commerce

Julie Ritzer Ross is a contributing writer to Transaction Trends. Reach her at jritzerross@gmail.com.

Let us profile your company! If you launched a new ISO in the last 12 months and would like to be considered for the second Startup Stories series, contact abrady@strattonpublishing.com.

[ FEATURE]

WhoYouKnow Who TheyKnow and

Smart sales leaders leverage their existing customer base and social contacts to build business, but it’s not easy By Chris Morris

I

n a world where the demands for people’s attention grow exponentially, it’s hard to break through the noise, no matter how strong a salesperson you are.And even if you do manage to capture their attention, getting customers to change their ingrained habits is even harder. The brute force method can work—sometimes—but the hours you’ll spend on cold calls, mailings, and learning the best methods to penetrate their walls is expensive. Smart sales leaders leverage their existing customer base and social contacts to build their business. There’s nothing new about the referral. It’s one of the oldest sales methods in the book (and the launching pad of more than a few business clichés). But even as new methods and theories on how to grow your business emerge, there’s still nothing nearly as effective as a trusted associate talking you up. “Referrals are our major way we get sales,” says Tom Nitopi, CEO of NXGEN. “These referrals come to NXGEN in many ways—as bank referrals, software developer referrals, or our newest program—the nxgenambassadors.com referral program.” Conversion rates from referrals are higher, hitting as high as 50 and 60 percent, depending on which expert you speak to.And the cost per customer is lower. But obtaining a referral is an art—one that not every sales executive has mastered. No single trick will make people eager to talk you up to their friends. Instead, it’s

KEY NOTES 8 Reach out to customers regularly after the sale. Don’t come with an agenda and don’t try to sell anything. Instead, simply check in with them to make sure they’re happy and work on building the relationship.

8 People make connections everywhere they go. The better you know your clients, the more you’ll know about who their connections are.

8 The best referrals come from people who conscientiously try to match people to opportunities.

Transaction trends | July 2010 19

[ FEATURE] a combination of factors that each require a level of focus.

1. Customer service. Before you begin the hunt for new customers, it’s critical to make sure the ones you have are more than simply satisfied.The quality of your product or service should be beyond reproach—or should offer features that greatly surpass your competitors’. Far too many companies seem to lose interest in their customers once the deal is done. Or if they do follow up, it’s often an attempt to solicit additional business. Reach out to customers regularly after the sale. Don’t come with an agenda and don’t try to sell anything. Instead, simply check in with them to make sure they’re happy and work on building your relationship with them. If there’s a problem, fix it—immediately. Allowing dissatisfaction to fester can kill your chances at getting a good referral, even from a customer who has been doing business with you for years. Don’t let the size of the account dictate the level of service, either. It’s easy to remember to check in regularly with big clients, but the smaller merchants may be forgotten. They could have valuable contacts, though, which could bring about bigger sales in the future. Customer maintenance takes time and doesn’t have immediate rewards, so it’s easy to let it fall by the wayside. But if you’re not keeping your current customers overjoyed, you’ll never get them to refer you to their friends and associates. 2. Do your homework. Asking for a blanket referral is a waste of everyone’s time.You won’t know where to start your follow-up, and the referral itself won’t be targeted, meaning it probably won’t turn anyone’s head. The problem is: It’s hard to determine who knows whom. Knowing whom to approach for a referral is one of the most important pieces of information you can have in your arsenal. Social networking sites can come in handy as you try to figure this out. Is your target client on LinkedIn or Facebook? Look that individual up and see if he or 20 July 2010 | Transaction trends

Maintenance is just as important after a referral as it is before. It doesn’t matter whether you’re able to convert that lead to a sale, be sure to Recognize that they didn’t have to help you, but chose to anyway. And see if you can return the favor in some manner.

thank the person who gave it to you. she has any connections that can be beneficial. If so, take note of the information, but it’s usually best to not use either of these services for a referral. For one thing, they don’t tell you about the relationship between your contact and the potential client. (Look at your own LinkedIn or Facebook account. Do you know everyone on those lists well enough to provide a referral that would be well received?) Personal contact from a trusted source beats referrals via a third-party service every time. Do your existing customers serve on any outside boards of directors? That’s often a very effective way to secure a referral to a decision maker, rather than a lower-level employee. Similarly, are they

in any social or charitable organizations outside of their office? People make connections everywhere they go.The better you know your clients, the more you’ll know about who their connections are. “Referrals have been a relatively small portion of our new business, but are valuable to us,” says Ken Salazar of PFC Payment Solutions.“Our agents and sales representatives run a new set of warm leads that are set by our call center every day. Because they know that they are going to have fresh leads for them set the next day, they tend to not prospect new business on their own. That being said, we do ask that they generate 25 percent of their monthly production on their

own, and a large percentage of this is through referrals from existing clients.”

3. Passive referrals. Referrals come in all shapes and sizes. Sometimes the best ones are the ones you never asked for. While clients might sing songs of praise about you to connections once in a blue moon, it’s a pretty rare occurrence. But if you send them information that’s useful to those contacts, they might forward it along, spreading the word about your company. This is where regular mailings to your client base can come in handy. Step out of the sales role and think like an editor, assembling relevant information you come across or blog entries that are particularly insightful or well done. These should not be pitches that focus on your products and services, but items that look at trends and new information affecting the payments industry. Clients may see something in your mailing that’s germane to another merchant and forward it on—putting your name and contact information, along with an implied recommendation, into a new set of hands. “Outside of merchants proactively contacting us, we have been successful in mining referrals through follow-up e-mails and postcards that are sent to our merchants at various intervals in our relationship with them,” adds Salazar. Alternatively, sometimes a client is willing to be quoted in a press release or case study for your business.While not as effective as an outright referral, this less forthright endorsement can prove effective at generating leads. 4. How to ask. Once you’ve figured out who to approach, you’ll need to know who to ask, and how. There’s no one-size-fits-all formula, though, since everyone handles their relationships differently. A good place to start looking for referrals is with your largest customers.The bulk of your revenue generally comes from a small percentage of your clients. These people and companies know you. Tap into that enthusiasm for energetic referrals. It’s crucial to have some sort of ongoing relationship with the person you approach for a referral, even if it’s just exchanging a few words at a trade show each year. If you

reach out to someone you haven’t been in touch with at least semi-regularly, you probably won’t get the referral—and if you do, it won’t be as boisterous as you would hope. As you ask for the introduction, it’s also important to explain exactly why the friend or associate you’re being referred to will care about what you’re doing.Your contact will be putting their trustworthiness on the line for you and the smart ones are not going to do so unless they’re convinced the match will be a good one. “Every time you refer someone, it’s a chit,” says Jim Nichols, a senior partner at Catalyst:SF, a “marketing capital” firm that helps startups succeed through more effective marketing and revenue plans. “We collect chits and spend chits in our lives. If I match someone up with a vendor that’s going to be useful to them, then it’s a chit in my favor. If I send someone that has no purpose or value in talking to the individual, it costs me credibility.” You may still get the referral without doing this, but instead of your customer acting as an evangelist in that initial reach out, the referral will likely be generic and less likely to result in a sales conversion. The best referrals come from people who conscientiously try to match people to opportunities. Empathy is a key factor when asking for a referral (as it is with so many other parts of the sales process).The relationship should be two-way. If there are any immediate benefits for the person who’s making the introduction, be sure to point them out. And if there aren’t, make sure they know you’ll remember how they helped you in future business dealings.

5. Know when not to ask. Not everyone you do business with is going to be a potential referrer. Some don’t have the connections you need, but a good deal more simply don’t want to impose on their friends or associates. “Asking for referrals is a tough game, even when you’re working with a partner,” says Scott Olson, president of MindLink Marketing, a San Francisco-based company that provides strategic marketing services. “We’re all inundated and overrun by solicitations.The last thing someone wants to do

is be a point of frustration with someone they have a relationship with, so they’re very careful about any introductions they make to their social network.” When you do have a client that’s happy to refer you, don’t abuse the relationship. People generally know when they’re being used and if they begin to resent that, the referrals will stop (or, at the very least, become less enthusiastic). Be up front with the people you’re asking for referrals. If you’ve approached a company previously and haven’t had any success, the referrer deserves to know. Some may choose not to give the referral upon learning this, but it’s better to risk that than damage your relationship with them. Further, there’s no appeals process when it comes to referrals. If someone declines, thank them for their consideration and walk away. Pushing them will only result in annoyance and frustration. Protect your relationship with them first and foremost. Don’t go overboard when it comes to referrals, either.A single call or e-mail carries a lot more weight than several. You might have several contacts that have ties with the person or company you hope to make a client, but if you have them all reach out, it telegraphs your desperation.

6. Follow-up. Maintenance is just as important after a referral as it is before. It doesn’t matter whether you’re able to convert that lead to a sale, be sure to thank the person who gave it to you. Recognize that they didn’t have to help you, but chose to anyway.And see if you can return the favor in some manner. Moderate the success rate of your referral traffic, also. It should be at least five to six times more successful than other types of leads. If it’s nowhere close to this, it likely points to a problem with the quality of the referral (which, as mentioned previously, often ties in directly with your level of customer relationship maintenance) or the quality of your pitch (which could mean you’re not doing a good job of pairing potential customers with your services). TT Chris Morris is a contributing writer to Transaction Trends. Reach him at chris.r.morris@gmail.com. Transaction trends | July 2010 21

ISO Corner VERTICAL MARKETS

Child’s Pay Not So Easy

Teen prepaid solutions likely remain hard sells for ISOs despite ripening market conditions By Brian Todd

W

ith tough economic conditions and tighter government restrictions on teens’ access to credit card accounts, teen prepaid debit solutions have been receiving more attention as a safe way to spend their hardearned allowance. But their value to ISOs, however, remains to be seen. Teen spending is on the rise, and branded cards will have a big part in that spending, according to Packaged Facts, a market research organization that analyzes consumer trends. In a recent report, the organization predicts spending by 12- to 17-year-olds will increase 3.5 percent to $91.1 billion in 2011 despite a 3 percent population decline in that age group. Still, teen prepaid debit solutions have enjoyed only mild success. Marketing a product that appears cool to kids but also safe and reliable to parents is a challenge, as is the narrow merchant base with which ISOs can partner. However, with the passage of the 2009 CARD Act, which prohibits credit card accounts for teens under 18 and requires a co-signer for 18to 21-year-olds, the time for teen-oriented solutions is now, say their developers.

Popular Picks The prepaid market has developed a host of card solutions that give parents peace of mind and teens a measure of freedom in how they spend money.These branded, personalized card options are marketed as safer cash, can be used in stores and online, and serve as tools for teaching teens to spend responsibly. “For parents, we want to make this convenient. They can do direct deposits online or transfers for free,” Bailey Cuzner, director of marketing and communications for Plastic Cash International LLC in Huntington Beach, California, says of the company’s popular Myplash cards. “For teens, they can’t really use Mom and Dad’s credit or debit cards, so this gives them a card to use, which is cool for them.” Co-branded with MasterCard and sold 22 July 2010 | Transaction trends

through other online youth retailers, including those in the action sports industry. BillMyParents also has a branded MasterCard option that offers teens a bit more freedom, but parents are still in control of the account. “Debit cards are like cell phones,” Collas says.“It’s going to be a must-have for teens.”

ISO Reality in stores and online, Myplash offers security features, online tracking, and low fees, including no empty-card fee and no transaction fee. The goal of Myplash is to introduce teens to budgeted spending using a debit card that won’t hurt their credit. Teens can take out a card without parental approval; however, Myplash does encourage teens to go through their parents who can upload emergency funds to the card and deposit allowances at regular intervals. Similarly, Visa Buxx, which is offered through five different financial institutions, provides many of the same spending and tracking options as Myplash as well as Visa’s Zero Liability protection for lost or stolen cards. However, unlike Myplash, Visa Buxx does require a parental partner to activate the card. Parents also can monitor transactions, set spending limits, and set automatic deposits to the card. For Internet shopping, teens and parents can opt for the BillMyParents payment system, which differs from Visa Buxx and Myplash in that teens and parents can have an account without a branded card.Teens browse a special storefront powered by Amazon.com and click on the branded button for items they want, generating a notification to parents who can then complete the transaction or not. “We make it an impulse selection for the teen,” says Jim Collas, president and CEO of BillMyParents. In essence, the button works like a wish list and has no financial repercussions.The company currently is working to launch its payment services

Unfortunately, getting a piece of the teen prepaid market has not been as simple as taking candy from a baby—and will likely stay that way. Because the money to be made comes from the monthly fees charged to cardholders rather than interchange on card transactions, the typical ISO sales model does not work with teen prepaid cards. “I think you would have to be an issuer or have sponsorship as a card-issuing ISO in order to take advantage of co-branding opportunities with teen-focused merchants,” says David Fish, senior analyst for Mercator Advisory Group in Maynard, Massachusetts.“I don’t know of any merchant service providers in the market that are specifically issuing teen cards as a valueadded product within their merchant acquiring operations. A number of banks that are also acquirers do, but their teen prepaid products typically exist in other lines of business.” In fact, the teen prepaid card market, like most prepaid segments, is a niche market that would take considerable commitment and effort in direct-to-consumer marketing to fully exploit.“This is not an everyday opportunity and it is one that would take considerable effort to build,” Fish says.“With a general purpose reloadable prepaid product, as opposed to a teen product, you at least have a broad base of merchants to approach as potential co-brand partners.” TT Brain Todd is a contributing writer for Transaction Trends. Reach him at mywriting2431@yahoo.com.

ETA 2009-2010 BOARD OF DIRECTORS OFFICERS PRESIDENT Holli Targan Partner Jaffe, Raitt, Heuer & Weiss, P.C. PRESIDENT-ELECT Rick Pylant President & Chairman COCARD Marketing Group, LLC

Kim Fitzsimmons Senior Vice President–First Data Services First Data Corporation

Advisory Council Robert Baldwin President & CFO Heartland Payment Systems, Inc.

Heidi Goff President & Managing Director, The Americas Hypercom, Inc.

Joe Cohane CEO Veracity Payment Solutions

Stuart Harvey CEO Elavon

TREASURER Eddie Myers President & COO Payment Processing, Inc. SECRETARY Roy Banks CEO ACCELERATED Payment Technologies™ IMMEDIATE PAST PRESIDENT Nick Baxter Senior Vice President First National Bank of Omaha DIRECTORS Todd Ablowitz President Double Diamond Group

Robert McCullen CEO Trustwave Debra Rossi Executive Vice President Merchant Payment Solutions Wells Fargo Bank Dave Siembieda President & CEO CrossCheck, Inc. Tom Wimsett President & CEO National Processing Company

Greg Cohen President Moneris Solutions

Dean Leavitt Chairman & CEO Unicorn Partners, LLC Ed Myers U.S. President Global Payments, Inc.

ex-officio Carla Balakgie CEO Electronic Transactions Association Jan Estep President & CEO NACHA Sameer Govil Head of Acceptance Solutions Global Acceptance Visa Matt Johanson Vice President Acquirer Relations Discover Network

Deana Rich President Rich Consulting Jeff Rosenblatt President EVO Merchant Services

Gerritt Kerkstra Senior Vice President Acquirer Relations MasterCard International

Kurt Strawhecker Executive Partner The Strawhecker Group

Bryan O’Malley Vice President American Express

Buzz Stryker President & CEO POS Portal, Inc.

LEGAL COUNSEL Dave Goch Attorney at Law Webster, Chamberlain & Bean

Advertisers index Company

Page

Phone

Web

866-437-0491

www.authorize.net

1

800-933-0064 x5147

www.cynergydata.net

2

678-731-5000

www.elavon.com

888-84-TOTAL x9727

www.totalmerchantservices.com

Authorize.Net

C2

Cynergy Data Elavon Total Merchant Services, Inc

C4

TransFirst

4

214-453-7711

www.transfirst.com

USA ePay

8

866-872-3729

www.usaepay.com

Visa USA, Inc.

C3

www.visadps.com

Transaction trends | July 2010 23

Industry Insider

Staying the Course Dedication to its mission helps Elavon serve clients big and small By Bryan Ochalla

S

uggest to Mike Passilla that his employer, Atlantabased Elavon, is an acquirer and processor and he’ll tell you,“We’re much more than that.” “We consider ourselves to be a full-service, comprehensive provider of secure, scalable, end-to-end payment products and solutions to the global marketplace,” says Passilla, who has been Elavon’s executive vice president of global business development since 2007. Elavon offers a wide array of products and solutions, from credit and debit card processing, electronic check services, gift cards, and e-commerce to multi-currency support, cross-border acquiring, and gateway services. The company also handles transaction processing, risk and underwriting, settlement, equipment deployment, chargeback management, reporting, and “It is a challenge sometimes customer service. to stick to our guns and to The rationale behind such vast operations is to serve the entire remember that our success is merchant and partner base, rather a result of staying true to who than focusing on a specific market segment.“One of our core capabiliwe are.” —Mike Passilla ties is that we have the agility and flexibility to serve the needs of small to medium merchants and partners while extending the capability, capacity, and horsepower to serve the needs of the biggest and most demanding merchants and partners,” says Passilla.

Power of One In addition to products and services, Passilla believes Elavon differentiates itself from the competition in a number of ways, namely its single-system platform. “Domestically and internationally, we have consolidated back-end and front-end systems, and when we acquire a portfolio or another company, we don’t leave their legacy systems to sit out there—in effect creating a web of a processing environment,” says Passilla. Instead, the company converts and runs everything on one platform:“Not only does that allow us to create efficiencies, which benefits our clients and partners in the form of cost efficiencies, but it allows us to run a more secure, stable operating environment, too— because you have fewer breakage points and fewer 24 July 2010 | Transaction trends

transfer points for a single transaction,” he adds. Financial stability also goes a long way in attracting ISOs and merchant sales partners, says Passilla, especially during troubled economic times.“A byproduct of that financial stability and security is that a lot of people look at us as a very safe partner.  They know that if they partner with us, they are going to get funded.”

Unique Challenges Although Elavon isn’t facing the same financial pressures as other industry players, clients, and partners, Passilla says company leaders find foreign market expansion challenging. Elavon already has moved into Europe and Mexico, but the company has aspirations for Southeast Asia and other regions of the world because it has a “unique, tested, proven value proposition” that can be quickly adopted and gain traction in foreign markets, says Passilla. “Our philosophy is we don’t just go into a market alone; we go in with a high-quality partner. It goes back to our mission statement: Elavon drives the growth for our customers and partners by enabling commerce around the world.” Locating those partners—partners that share Elavon’s perspective as to what constitutes healthy growth as well as other crucial business strategies—will be key to introducing the company’s products and services globally, Passilla points out. “That kind of leads into another one of our challenges, which is to stay true to ourselves and our value proposition,” he continues. “We get approached every day with new and unique opportunities by partners who want to take us a little bit away from our central strategy. They are almost always engaging and interesting and relevant opportunities—to the point where we want to say yes to them—so it is a challenge sometimes to stick to our guns and to remember that our success is a result of staying true to who we are. “Sure, it would be easy to chase those short-term dollars,” says Passilla, “but that could cause long-term ramifications that are negative for our company as well as our clients and partners.” TT Bryan Ochalla is a contributing writer to Transaction Trends. Reach him at bochalla@yahoo.com.

© 2010 Visa

Be on a first-name basis with debit processing:

Celeste Naturally, Celeste’s not alone. Every member of the Visa® team is backed by our reliable global payments network and a proven issuer processing system. But Celeste is also a 24/7 Account Executive who’s tapped into new products from Visa and never fails to give her clients first-mover advantage—long before other processors. Find out what Celeste and her team can do for you at visadps.com.

Tr a n s a c t i o n P r o c e s s i n g

Risk Mitigation

Business Analytics

GET THE REAL STORY. REAL REPS. REAL SUCCESS.

What makes you good sales agents? Having the same regard for each customer, no matter how big or small. Why do merchants choose you? We always put ourselves in their shoes. We know what it’s like to get the runaround and our service is always up-front. What’s your aspiration? To build long-term financial security for our kids. And to enjoy some of the finer things today, by earning well above the average. Chris, what’s your inspiration? I grew up relatively poor compared to many of my friends in high school. I think seeing their much nicer homes and nice vacations, etc. definitely made an impression. Monica, how do you maintain your work/life balance? I leave work at the office and the computer off at home, otherwise I get sucked into the email trap! What were your residuals before the TMS Free Terminal Placement Program? Average. Residuals now? Way above average! What’s the best decision you ever made? Joining Total Merchant Services as sales partners. What’s your greatest accomplishment? Our family. Your perfect weekend? Being with the kids at the beach.

Chris and Monica Collins Business Credo: Give a lot to get a little.

Start writing your success story today! Join the team with a proven track record. Check out Total Merchant Services program details at www.upfrontandresiduals.com or call us toll-free at 1-888-84-TOTAL ext. 9411 Total Merchant Services (TMS) is a Member Service Provider for: HSBC Bank USA, National Association, Buffalo, NY.

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.