Project & Solution Index Projects & Best Practices
Solutions
Increase Alternative Payment Options
2
6
Increase Automated Fraud Detection Accuracy and Botnet Detection
3
7
Actively Manage Payment Authorizations to Increase Revenue Capture and Lower Processing Costs
4
10
Eliminate Payment Data Capture, Transmission, Storage
5
10
Consolidate & Centralize Payment Systems
5
12
Get Started on Your Projects with Advice from CyberSource Payment Management Experts Contact CyberSource to discuss your projects and see how we can help. We’ll be happy to provide additional advice, insight, statistics and solutions information. 1-888-330-2300 www.cybersource.com > Contact Us Email: info@cybersource.com
Copyright 2009-2010, CyberSource Corporation. All rights reserved. Distribution or re-use of content in this document is strictly prohibited without the expressed written consent of CyberSource Corporation.
Payment Management Project Guide 2010
Staging for Recovery: Active Payment Operations Management The post-downturn era appears to be a climate of cautious growth, although eCommerce will likely receive a disproportionate share of the growth as it is the most scalable channel1. Therefore, businesses with eCommerce sales channels are pressuring payment operations staff to enable growth, but do so with downturn-era resources. So, the 2010 project theme appears to be one of optimization in preparation for expansion.
As the economy begins to show signs of a pending recovery, medium and large businesses continue to shift their attention from payment processing to payment processing management – meaning, there’s an increasing emphasis on improving the process of managing payments throughout the entire order acceptance lifecycle, not just transacting a payment at the time of sale. Why? Typically payment operations place a drag on business results equal to 5-8% of revenues or more. By actively managing and streamlining payment operations, you can scale the business with your current resources, as well as directly contribute to optimal bottom-line results.
1
In this year’s guide, we’ve noted the top 5 initiatives your peers are pursuing for 2010 and why, along with potential solutions as a means of addressing these initiatives.
Increase Alternative Payment Options
2
Increase Automated Fraud Detection Accuracy and Botnet Detection
3
Actively Manage Payment Authorizations to Increase Revenue Capture and Lower Processing Costs
Order Global Payment Acceptance
Order Screening & Review
Processing Management
Collection & Reconciliation
Profit Retained
Payment Security (PCI) & System Administration
4&5
Eliminate Payment Data Capture, Transmission, Storage Consolidate and Centralize Payment Systems
1. Internet Retailer Top 500 Guide 2009 Edition
1
© 2009-2010 CyberSource Corporation
Payment Management Project Guide 2010
Top 5 Initiatives Merchants are Taking to Prepare Their Payment Operations for the Economic Recovery 1
Increase Alternative Payment Options
The Project Coming out of the recession, consumers will have less credit as part of their spending portfolio for a variety of reasons: banks have tightened their lending policies, consumers may have to deal with reduced income due to job loss, etc. By providing alternate payment options such as PayPal and Bill Me Later, your business can see an increase in revenue that adds directly to your top line. Related, companies that sell internationally are adding local payment types that also provide wider customer reach.
Cost
Get Started
Integration costs are typically very low, as most services are available via an API and Internet connection, without any requirement for local databases, software or hardware. Services typically carry a pertransaction fee that easily scales with sales volume.
Investigate CyberSource payment services that provide direct access to PayPal and Bill Me Later services, along with other popular US and global payment services. See page 6.
Online Payment Types Accepted By North American Merchants Credit/ Debit cards
Business Improvement Adding PayPal and Bill Me Later as options at checkout has been shown to bring an uplift in both spending and average order size. The PayPal Express Checkout method delivers a conversion rate that is, on average, 23% higher than standard checkout, and increases sales 14% on average2. With Bill Me Later, average order value increases up to 75%; purchase frequency increases by 40%; and sales increase by 33% on average3. Adding local payment types in international markets can lift conversion as much as 50%.
PayPal
28%
Gift cards/ Certificates
22%
Electronic checks or ACH payments
18%
Bank transfers
12%
Bill Me Later
11%
Private label card
10%
Google Checkout
8%
Amazon Simple Pay
2%
Mobile Payments
1%
Source: 2009 CyberSource Payment Report
2. www.paypal.com 3. www.billmelater.com
Š 2009-2010 CyberSource Corporation
100%
2
Payment Management Project Guide 2010
2
Increase Automated Fraud Detection Accuracy and Botnet Detection
The Project More transactions mean more orders to screen. To
Adding Device Fingerprinting with Deep Packet Inspection
maintain efficiency, your peers are increasing the accuracy of their automated sorting process. Botnet attacks are emerging as the greatest threat to current defenses. Fraudsters hijack legitimate computers by deploying botnets; these botnets then initiate the orders that appear to come from a valid customer and device. By using Device Fingerprinting technologies that employ deep packet inspection – rated as the most effective
Orders
A. Detectors & Rules
detector and highest on merchants’ to-implement list4 – you can detect the true origin of the orders and actual
Accept/Reject
behavior of the device—even if a botnet is being used. In doing so, you can increase your acceptance of valid orders, detect more fraud, and decrease volume of orders Review
going into manual review. Some merchants are extending this project to include enhancement of the case management application to streamline reviewer tasks. These include integrating validation service callout from within the case
B. Manual Review
management screen, to eliminate duplicate data input and screen swapping, and consolidating decision data. Business Benefit
Enhancing Case Management Tools
You can improve the acceptance rate of valid orders as well as nearly double current review team capacity. In short, your team can handle up to double the sales volume without adding staff, as well as decreasing fraud and converting more sales automatically. Cost
Get Started
If your fraud service already offers device fingerprinting,
Consider CyberSource Decision Manager solution, which
the only cost may be the time it takes to add tags to your
gives you access 150+ global detectors and tests on
checkout pages to facilitate the fingerprint. If you do not
demand, including Device Fingerprinting with advanced
already subscribe to a fraud service with this capability,
deep packet inspection. Implements as an on-demand
the cost can be as little as $2,500 for implementation, and
solution (SaaS model) in as little as one month, and
a small monthly fee and cents per transaction thereafter.
doesn’t require use of CyberSource payment services.
Generally self-funding with sales volume.
See page 7.
4. 10th Annual Online Fraud Report, CyberSource 2009
3
© 2009-2010 CyberSource Corporation
Payment Management Project Guide 2010
3
Actively Manage Payment Authorizations to Increase Revenue Capture and Lower Processing Costs
The Project
Business Improvement
Two key projects are being worked on: implementing
Account updater services can help you decrease
account updater services and revising processing logic to
payment failures for accounts on file (one-click-buy)
address changes in Visa policies regarding authorization
and/or increase subscription retention by as much as
management. These assessments may be passed on by
10%. A reduction in authorization declines can also help
your merchant account provider, and thus increase your
you avoid higher interchange rates. Actively managing
processing costs if authorizations are not managed
authorizations to conform to the latest Visa assessments
appropriately (see page 13 for details on these
can yield a cost savings from $0.02 to $0.10 per non-
assessments).
optimized transaction, typically equating to an overall savings of 0.4% to 0.7% in processing costs per month.
1. Account Updater Services. If your company uses one-click-buy (account on file) or recurring billing
Cost
models, you may wish to consider implementing
These services may be available via your current
account updater services. This service, offered by
payment connection and would require only a set-up fee
Visa and MasterCard, provides automatic updates to
to start. If your current provider does not offer these
cardholder records based on data feeds from
services via your current connection or requires additional
participating issuing banks. Using this service, your
integration, the typical implementation for account
billing records can be automatically updated to
updater service requires an average of 6 weeks from plan
decrease the likelihood of authorization failure.
to go-live (depends on the specifics of your environment).
2. Revising Processing Logic to Address New Visa
The time to manually correct and implement logic to
Policies. If your systems currently initiate a $1
address new Visa assessments is dependent upon the
authorization to verify the account (either as part of
number of systems involved and how your processing
payment acceptance or within your fraud screening
logic is coded.
process), you will want to re-design this process to
Get Started
convert to a $0 authorization request. Additionally, ensuring that your processing logic appropriately
Consider Account Updater services from CyberSource
matches authorization and capture/settlement
that lets you automatically update your customers’ credit
requests (each authorization is matched to a
card information through a recurring billing or payment
settlement request within 10 days, and each
tokenization engine. Our professional services team can
settlement/clearing request is associated with an
also implement Account Updater services for you if you
authorization) should also be an element of this
use a provider other than CyberSource. CyberSource
project. Depending on your payment service provider
payment services support automation of processing logic
and processor, you may be able to automate most of
to address new Visa assessments and control processing
the processing logic, or you may need to implement
costs. See page 10.
appropriate logic within your systems.
Active authorization management can reduce processing costs from 2¢ to 10¢ per transaction © 2009-2010 CyberSource Corporation
4
Payment Management Project Guide 2010
4
Eliminate Payment Data Capture, Transmission, Storage
5
Consolidate & Centralize Payment Systems
The Project
The Project
Among the most popular projects are those that remove payment data exposure by eliminating payment data capture, storage, and interaction with human agents. Core to these initiatives is tokenization. Recently, a majority of merchants have shifted from not having plans to either testing or evaluating the implementation of tokenization as an enterprise payment security strategy5. Using this strategy, a digital token is stored on your systems instead of the actual payment data (which is securely stored with your payment processor). In addition, projects include removing risk at the point of payment data capture using web forms and interactive voice response systems hosted directly by payment service providers. Some merchants are taking this one step further by outsourcing tasks that require employees to interact with payment data, such as order review and chargeback management.
To continue to support business growth, the fewer systems and vendors you have to manage, the more efficient you are. As your peers expand payment types and market reach, and engage in multi-channel/crosschannel sales strategies, a top project has become systems consolidation. The goal is to have an easily managed and less distributed infrastructure which provides a single platform to access processors and associated services, as well as centralized management and administration. Business Improvement Consolidation of payment data systems, infrastructure, service providers and processors across sales channels and geographies allows you to reduce the complexity, cost and security risk of managing your payment operations. It also makes reconciliation simpler, as duplicate administrative tasks can be eliminated. Finally, you can operate with less staff, resources and cost, and reduce technology redundancy, thereby more easily and quickly scaling your business to respond to market opportunities.
Business Improvement By removing the sensitive payment data from your environment, you can secure your payment operations and comply with PCI requirements with less cost and complexity. And, in doing so, your risk of data breach is reduced, which helps protect your brand so you continue to build consumer confidence.
Cost Varies by environment, and the number of channels and systems. ROI is dependent on your current merchant account pricing, staffing to manage multiple systems, and cost of maintaining security across the complex infrastructure.
Cost Some payment providers offer these services via the same connection used for payment processing. If so, your cost may be only a set-up fee and a service fee per record or per transaction, depending on the pricing. In some cases process redesign is required, along with integration of multiple systems that may require use of the token.
Get Started CyberSource professional services can provide a centralized payment system software framework and adapt it to your specific operations. The solution can be deployed onsite, or fully hosted and managed by CyberSource. Use the CyberSource payment management platform and merchant account services to help streamline and consolidate worldwide operations and vendor management. See page 12.
Get Started Use CyberSource’s PCI-DSS certified Payment Tokenization with Remote Secure Storage service. This service also operates with CyberSource Hosted Payment Acceptance solutions, including web capture and an interactive voice response system option for call centers. Use together with Account Updater service to enhance revenue capture. Outsource Order Screening and Chargeback Management functions to CyberSource PCI-certified experts. See page 10.
5. PCI Knowledgebase, March 2009
5
Š 2009-2010 CyberSource Corporation
Payment Management Project Guide 2010
On-Demand Payment Management Solutions for Your 2010 Projects One Platform, 3 Modular & Integrated Payment Management Services • Global Payment Processing • Fraud Management • Enterprise Payment Security All available via a single Internet connection
One Platform, Full Order Lifecycle Support Easily integrates capabilities, with every department and system in your order flow. Integration Layer: pre-integrated services are accessible via a common interface, with centralized data storage. Intelligent Management Layer: provides standardized interface to manage and control processes, generate analytics, and administer users across services. Virtual Platform (SaaS/Managed Services): SaaS model removes toxic payment data from your environment, provides scalable systems, and offers expert outsourced services to help you scale human resources and expertise. 1
Implements Fast. No Maintenance.
Pay as You Go Model
CyberSource solutions are available on demand (Software as a Service, SaaS model). Simply connect via our API and access the services. We maintain all code in our worldwide PCI-certified datacenters. So, there’s nothing to maintain or install.
Most services are priced per transaction, so it’s easy to adopt new capabilities and grow your business, without a lot of fixed fees that delay project approval or undermine profits. An excellent way to scale your operation as the economy improves.
PayPal , Bill Me Later, and Global Payments via CyberSource faster and easier. Available via online search, preconfigured downloadable reports, and XML data feeds direct to your financial systems.
PayPal and Bill Me Later services can be implemented via the CyberSource API. Via this same API you can also access other popular payment types including major credit and debit cards, bank transfer and local payment options, in over 190 countries.
More Fraud Control
Use one connection for all payment types. Accept PayPal and Bill Me Later without installing or managing a separate connection. One interface lets you process all payment types, domestic and worldwide.
Your CyberSource implementation of PayPal and Bill Me Later services offers additional fraud management control via our fraud portal, Decision Manager, which provides access to over 150 additional validation tests and services. These services help you further decrease fraud loss and minimize order review. See page 7.
Streamline Reconciliation
More Secure Payment Operations
PayPal and Bill Me Later payments are reported alongside your other payment transactions in one convenient report. CyberSource consolidates all payment reporting making reconciliation and customer service
PayPal and Bill Me Later services are delivered via CyberSource PCI certified datacenters (USA, UK, Japan).
Manage Easier via CyberSource
© 2009-2010 CyberSource Corporation
6
Payment Management Project Guide 2010
2
Decision Manager with Deep Packet Device Fingerprinting
The CyberSource Decision Manager System Our hosted Decision Manager system with CyberSource Intelligent Review Technology™ helps you reduce the need for review, speed review, and optimize business results. More Accurate Screening Reduces Manual Review Volume 1.Automated Screening with Device Fingerprinting Our portal provides on-demand access to 150+ global fraud tests, across four dimensions of detection. Rule console lets you enforce acceptance policies based on test results. It’s a proven best practices approach to accurately detect fraud and lift conversion, while minimizing need for manual review.
productivity. Reviewers no longer need to invoke reverse telephone lookup, credit history and similar services via separate screens, or input required customer data. Validation services are called from within the case interface and all necessary customer information is automatically submitted without additional data input.
Faster, More Accurate Case Review 3. Review Dashboard with In-line Validation All order and validation data, along with reasons for order outsort, are conveniently displayed within a workflow-savvy case review dashboard. Reviewer validation tasks are also streamlined to increase
Orders
1
Auto Screen
Built-in Device Fingerprinting Portal provides access to 150 global fraud detectors and tests, complete with business-user rule console to automatically enforce acceptance and review policies.
Smarter, Automated Case Routing and Queue Management 2a. Case Routing & Priority Assignment Establish rules to automatically route cases and assign priority based on order profile and reviewer skill set. Case ownership features enable active reviewer management and prevent multireviewer intervention.
2
3
2b. Automated Queue Management Automated Routing & Priority Assignment
Create rules to automatically monitor case handling and ensure they clear the queue per your customer service commitments. Cases at risk trigger action alerts or are automatically dispositioned per your business rules.
Automated Queue Management
Manual Review
4 Tuning & Analytics: Better Predict and Control Business Results Test mode, process performance and reviewer performance reports let you monitor results and adjust on demand.
7
© 2009-2010 CyberSource Corporation
Payment Management Project Guide 2010
Rule Console and Detector Suite Rule Console: Easily Create Screening Rules On Demand Our easy-to-use Web interface lets your business managers quickly create rules that interact with multiple, global validation services, to automatically analyze and sort incoming transactions associated with all major payment types: • Create rules using a pre-defined rule library and easy-to-use custom rule builder • Create multiple screening “profiles” (product category, SKU, expedited shipping, etc.) • Apply conditional relationships between several rules using “and” / “or” type logic
Access Over 150 Popular Validation Tests—Including Device Fingerprinting Only CyberSource lets you cast a deep net across four dimensions of validation, in less than 2 seconds, to catch fraudulent behavior sooner and more accurately. Simply put, it’s harder for fraudsters to look like unique customers because you can simultaneously compare their behavior and order profiles across multiple anonymous merchants, your own store, global validation services, and order placement device(s). Here are just a few of the real-time validation tests you can automatically apply via our portal: Purchase Device Tracing
Single Merchant Purchase History
Single Merchant Purchase Velocity
Device Fingerprinting
Automatically monitors the frequency of orders placed with your company, purchases of a particular SKU in a given timeframe, value of accumulated purchases or combination of these conditions.
Derives a “digital fingerprint” of the device used for order placement. This fingerprint can then be used in conjunction with other order attributes to detect abnormalities.
Negative & Positive Lists Packet Inspection Detect Botnet Attacks First Time!
Allows you to maintain your own negative and positive lists for decision assessment (lists are not shared among merchants). Lists can be uploaded and chargeback information automatically appended.
Sees through anonymizers and botnets to view device behavior and detect true purchase device.
IP Geolocation
Custom Data Fields Custom data fields allow you to present business-unique data for evaluation. Examples include: customer purchase histories, order change histories, airline passenger data/PNR data, etc. Global Validation Services
Assesses the consistency between the geographic location of the IP address and address/billing information provided with the order. Includes ability to detect anonymizers. 4D Boxes Fraudsters In
Global Telephone Number Validation
Global, Multi-Merchant Purchase History
CyberSource maintains transaction histories across the thousands of merchants using our services worldwide. We correlate this data to your presented order (fingerprint, name, email, address, phone, etc.).
Validates telephone number structure via an international database covering over 100 countries.
Global Delivery Address Verification Validates address format and deliverability for 233 countries. Can also be used at time of order placement to detect “fat fingering” and eliminate the risk of invalid order rejection or mis-shipment.
Multi-Merchant: • Velocity • Identity morphing
U.S. Export Compliance/DPL Lists Real-time check of denied parties and persons of question across multiple lists maintained by U.S. government agencies.
Verified by Visa/MasterCard® SecureCode™ Results from Verified by Visa and MasterCard SecureCode checks can be evaluated by Decision Manager.
Standard Card Brand Services Standard card validation services such as AVS and card verification number are accessed and evaluated.
Other Validation Services Custom fields allow you to submit data from other validation services of your choosing to aid in the decision process.
© 2009-2010 CyberSource Corporation
8
Payment Management Project Guide 2010
Advanced Deep Packet Inspection Detects Botnet Fraud Device fingerprinting allows you to identify the purchaser’s device. With this “fingerprint” you can more quickly detect identity morphing (different names and account numbers associated with orders originating from the same purchase device). However, some fingerprinting technologies use only surface-level tactics and fraudsters subvert them by changing browser settings or deploying botnets to initiate the orders on “good citizen” machines. The fingerprinting technology provided with CyberSource Decision Manager is different.
Risky device behavior such as botnet activity, firewall scanning, and spamming are detected to help assess risk of order acceptance. IP_Attributes
IP Activities
STATIC, BOTNET_ZOMBIE
TCP_SCAN_FLAG, CONNECTING_TO_BOTNET, SPAM
STATIC, TCP_SCAN_FLAG, ThreatMetrix™ device tracing technology goes deeper. It BOTNET_ZOMBIE SPAM uses intelligence from the message packet to see through anonymizers and botnet activity. It profiles and traces STATIC, TCP_SCAN_FLAG, BOTNET_ZOMBIE OTHER, device identity and behavior all the way to the real SPAM fraudster’s system. Even if it is the first time this device DYNAMIC, OTHER, BOTNET_ZOMBIE SPAM has been seen, intelligence about its behavior helps you determine if the device is “good” or involved in risky STATIC SPAM activity. ThreatMetrix™ fingerprinting with deep packet inspection sees device behavior and profiles activity all the way to the fraudster’s control system.
Bill
Good Customer
Botnet Initiated Order Poses as a valid customer from a good customer machine Merchant Site
Fraudster Standard fingerprinting identifies (“fingerprints”) this device only, and does not see behavior.
About Device Fingerprinting: Privacy Policies and Integration Won’t set off browser alarms. The fingerprint does not interfere with system function, nor will it trigger browser warnings or P3P-enabled privacy alerts.
No personally identifiable data is captured. Device fingerprinting captures information about the DEVICE being used to initiate the purchase. It does not collect personal information or personal data. Persons cannot be identified via this fingerprint.
Implements quickly. Installs in about one hour. Place tags on your checkout page and it is ready to go. No additional coding is required.
Generally no need to rewrite privacy policy. If your privacy policy already discloses third-party cookies, or your company uses cookies to monitor purchase behavior, then using device fingerprinting will likely not require any change to your privacy policies.
Note: This information is provided for general guidance. Consult your attorney if you have questions about your particular application of this service.
9
© 2009-2010 CyberSource Corporation
Payment Management Project Guide 2010
3
CyberSource Payment Gateway and Account Updater Services
Reduce and Control Costs With Automated Processing Logic
Reduce Subscription Payment Failures Using Account Updater Services
CyberSource payment services help you more easily and aggressively manage processing costs. CyberSource services embed the intelligent processing logic to automatically handle $0 authorizations and related authorization management tasks to minimize Visa fees (see page 13). The option of a fully integrated CyberSource merchant account enhances results with interchange optimization capabilities and comprehensive reporting. You can change your banking relationship at any time, without changing your processing infrastructure.
If you sell subscriptions or offer one-click-buy (merchant wallet/stored account) services, you can reduce payment failures using CyberSource Account Updater Service. Your business can benefit by:
Accept All Popular US Payment Types On Demand
Account Updater Service
A single connection to CyberSource provides access to: • Visa and MasterCard (consumer/corporate: L1, 2, 3) • American Express (consumer/corporate: L1, 2) • Discover • Debit cards and PIN-less debit • eChecks • PayPal, Bill Me Later • Transact single, recurring or stored account payments • Wide range of local payment options worldwide (direct debit, bank transfer and local cards)
This service automatically updates your billing records via automatic feeds from cardholders’ issuing banks. Because your information is current, you process both recurring and on-demand transactions with fewer failures. This service is available as an automatic update if you use our Payment Tokenization with Remote Secure Storage services, or separately if you manage your own payment data.
4
• Retaining more revenue by reducing the risk of payment failures and customer cancellations • Avoiding excessive authorization declines, which can lead to higher interchange rates • Retaining up to 10% more subscriptions annually
Eliminate Payment Data Capture, Transmission and Storage
Eliminate Payment Data Storage Using Payment Tokenization On-demand secure payment data storage lets you operate with payment tokens instead of raw payment data. After initial payment information capture by your systems (online, call center, IVR, kiosk, and other types of IP-based POS systems), the data is transmitted to CyberSource, where the account information is processed and stored in our secure, PCI-certified datacenters. A “payment token” is returned, together with a masked account number. This token is used to initiate subsequent payment actions on that account (see diagram next page). Data is easily uploaded and retrieved via batch process or API. The masked account number allows your staff to handle customer inquiries without visibility to full payment information. © 2009-2010 CyberSource Corporation
10
CyberSource Payment Tokenization is compatible with Visa and MasterCard Account Updater services (payment information stored with CyberSource is automatically updated by participating banks). Account Updater can be implemented with or without Hosted Payment Acceptance, and works with any system or processor. The following payment actions and checkout models are supported: • One-time or re-authorization • Capture/settlement • Split capture • Recurring/subscription billing • Credit/partial credit • Standard checkout • “One-click-buy” checkout • Management of chargebacks and payment reconciliation
Payment Management Project Guide 2010
Eliminate Payment Data Capture, Transmission and Storage (cont.) How Payment Tokenization Works PA-DSS Certified Applications
Initial Transaction Follow-on Actions
Eliminate Payment Data Capture (by System and Staff) Using Hosted Payment Acceptance via Web or Interactive Voice Response System Hosted Order Page or Silent Order Post for Webstore
Payment Security for Call Centers
Allows your systems to transact payments without handling sensitive payment data across sales channels. The payment fields within your sales/order entry systems (online, call center, kiosk, IP-based POS, IVR, mobile) are “hosted” directly by CyberSource, a certified, Level 1 PCIDSS Service Provider. All payment data is captured via Silent Order Post technology, processed and stored within our secure network.
Reduce exposing your call center staff to payment data with our call center solutions. A hosted PCI-DSS certified IVR system or CyberSource experts handle payment information on your behalf, during or adjacent to the call. Your staff continues to handle orders and service customers as they normally do. At the time of payment capture the call is diverted to an IVR system hosted directly on the payment network or the certified CyberSource call center, to capture payment information and administer payment accounts. A payment token and masked account number is returned to your systems.
A payment token is generated and returned to your systems once the payment data is captured. There is no impact to your brand or user experience—only the payment fields are “hosted,” which also allow for rapid localization of payment channels to address new markets. 11
© 2009-2010 CyberSource Corporation
Payment Management Project Guide 2010
Eliminate Payment Data Capture, Transmission and Storage (cont.) Eliminate Back-Office Exposure to Payment Data Using Outsourced Order Review & Chargeback Management Separate your brand and staff from the manual back-office tasks that require interaction with raw payment data. Now you can use CyberSource managed services for order review and chargeback management. These services come with performance guarantees, so that you can be confident of achieving your desired business results. Screening Management CyberSource provides daily monitoring and review of your
5
transactions per mutually agreed policies. CyberSource manages cardholder and account verification through direct contact with the cardholder, the issuing bank, thirdparty verification services, and public records companies.
Chargeback Recovery CyberSource complements your team with experts specializing in chargeback recovery operations. We manage all investigation, documentation, processing and revenue recovery operations. The service includes consultation on process improvements and industry best practices, as well as weekly and monthly reporting.
In addition, we provide ongoing monitoring and consulting with specific focus on order acceptance, screening profile performance, and identification of suspected fraud trends. The service includes monthly analysis and reporting.
Consolidate and Centralize Payment Systems
For larger, somewhat more complex environments, CyberSource payment experts will customize our proven Centralized Payment System (CPS) software framework to your specifications. The infrastructure centralizes data repositories and ties all sales systems to a central management, reporting and administration infrastructure. Multiple regional and global payment channels are enabled by a single, underlying system that supports processing, order screening and reconciliation management across the payment channels. Our solution utilizes the concept of a “Payment Broker” that interfaces with multiple payment channels and systems. This broker manages the workflow between these systems, administrative resources and multiple processing entities (including CyberSource and other providers) to centrally manage payment operations. © 2009-2010 CyberSource Corporation
With a centralized infrastructure, enhance results with a fully integrated CyberSource merchant account which will allow you to offer preferred payment options in local markets, as well as better reporting capabilities via one single connection, further simplifying your global operations.
Implementation Options You can implement and self-manage the CPS solution on your site, or CyberSource can host the integration applications and manage all updates in our PCI-DSS certified data center on your behalf.
Merchant
CyberSource Merchant 3
Web Store Hosted Payment Acceptance
Merchant 2 Merchant 1
Web Store
Centralized Payment System
Payment Management Services
Call Center Hosted Payment Acceptance
Workflow Engine
Browser
Admin
Automated Reconciliation System
ERP Integration SAP, Oracle, Siebel
12
Payment Tokenization & Secure Storage
Banks/ Processors
Payment Management Project Guide 2010
Characteristic Project Cost & Timeframes Typical Time-to-Business Impact Measured from Time of Project Commitment
1 Month
2 Months
3 Months
4 Months
5 Months
6+ Months
Project 1 Increase Alternative Payment Options Project 3 Active Management of Payment Authorizations
Low Set-up Cost Ongoing Costs Scale w/Volume (Sales Funding)
Project 2 Increase Automated Fraud Detection Accuracy (Botnets) Project 4 Eliminate Payment Data Capture, Transmission, Storage
Moderate Set-up/ Project-Based Costs
Project 5 Consolidate and Centralize Payment Systems
Some installations may require extensive pre-planning time
Appendix: Information on Visa Assessments and Recommended Best Practices Visa introduced three new compliance requirements related to the use of Visa’s authorization and clearing systems. These have associated assessment fees. Two of the three changes became effective July 1, 2009, and the third October 1, 2009. These Visa mandates apply only to U.S.-based merchants whose Merchant Account is provided by a financial institution that is a U.S. Visa member, which includes most U.S. banks.
Zero Floor Limit Visa requires all transactions that are submitted for clearing (aka capture or settlement) to be properly authorized, regardless of amount (aka zero floor limit). Effective July 1, 2009, Visa instituted the Zero Floor Limit Fee for each transaction submitted for clearing where a proper authorization (including authorization code) was not obtained.
Zero Dollar ($0) Account Verification
This fee applies only to transactions processed by U.S.-based merchants and is billed by Visa directly to your merchant account provider/acquirer, who may bill it through to you.
Merchants currently processing $1 (or other low dollar amount) authorization requests as a means of verifying the validity of a Visa card are now permitted by Visa Operating Regulations to process only Zero Dollar ($0) Account Verification requests (aka $0 authorizations). Account Verifications provide merchants with an effective means of validating account numbers and other authentication elements such as CVV2 and AVS.
Recommended Best Practice: Authorize all transactions before capturing them. Misuse of Authorization System Visa requires all authorization transactions to be followed by a clearing (aka capture or settlement) transaction or, in the case of a cancelled order, for the transaction to be fully reversed.
In conjunction with this requirement, and effective July 1, 2009, Visa implemented an Account Verification Fee for each account verification request transaction. The fee varies depending on whether the verification is a low-dollar or $0 authorization requests.
Effective October 1, 2009, Visa is instituting a fee for each authorization request transaction that is not followed by a clearing transaction or, in the case of a cancelled order, not fully reversed.
This fee applies only to transactions processed by U.S.-based merchants and does not apply to partial or full authorization reversal requests. It is billed by Visa directly to your merchant account provider/acquirer, who may bill it through to you.
This fee applies only to transactions processed by U.S.-based merchants and does not apply to partial or full authorization reversal request messages. It is billed by Visa directly to your merchant account provider/acquirer, who may bill it through to you.
Recommended Best Practice: To verify a card, process an Account Verification ($0 authorization) request as detailed in the CyberSource Credit Card Services Implementation Guide. If this is not supported by your Processor, you may send an authorization reversal request following account verification authorizations greater than $0.
Recommended Best Practice: To avoid triggering the above fee, you must either clear transactions within 10 calendar days of the original authorization request or, in the case of a cancelled order, fully reverse the authorization within 72 hours of the original authorization request.
13
Š 2009-2010 CyberSource Corporation
About CyberSource CyberSource Corporation is a leading provider of electronic payment, risk and security management solutions. CyberSource provides payment management solutions for electronic payments processed via Web, call center, kiosk, mobile and POS environments. Services include hosted systems to help you manage electronic payments, as well as professional services to help design, integrate and fully manage parts or all of your payment operations. Over 273,000 businesses worldwide use CyberSource solutions, including half the companies comprising the Dow Jones Industrial Average and leading Internet brands. The company is headquartered in Mountain View, California, and has sales and service offices in Asia, Japan, the United Kingdom, and other locations in the United States.
NORTH AMERICA CyberSource Corporation 1295 Charleston Road Mountain View, CA 94043 T: 888.330 2300 T: 650.965.6000 F: 650.625.9145 email: info@cybersource.com
EUROPE CyberSource Ltd. The Waterfront 300 Thames Valley Park Drive. Thames Valley Park Reading RG6 1PT United Kingdom Phone: +44 (0) 118.929.4840 Fax: +44 (0) 870.460.1931 email: uk@cybersource.com
JAPAN CyberSource KK 3-11-11 Shibuya, Shibuya-ku Tokyo 150-0002 Japan Phone: +81.3.5774.7733 Fax: +81.3.5774.7732 email: mail@cybersource.co.jp
ASIA CYBS Singapore Pte Ltd Level 25, One Raffles Quay Singapore, 048583 Phone: +65 6622 5623 Fax: +65 6622 5999 Email: singapore@cybersource.com
Š 2009-2010 CyberSource Corporation. All rights reserved. CyberSource is a registered trademark in the U.S. and other countries. All other brands and product names are trademarks of their respective companies.