Merchant Processing Overview Chris Moore, Strategic Account Leader-Elavon
Agenda • Introduction • Key personnel associated with Commonwealth of Virginia processing contract • Credit Card Processing • Costs, Tips on lowering those costs, reading your statement, and those darned chargebacks! • The Industry Today-What is going on? • Durbin Amendment, Visa Government Program, Visa/MC Litigation update, • Exciting Industry Information (ok, its not exciting, but it is important!) • Payment Card Industry Data Security Standard (PCI-DSS) • Compliance with PCI guidelines and Validation of Compliance • EMV (Chip and PIN) • Timelines and Elavon Compliance • Convenience Fees • Rules and Regulations and Revenue Neutral Modeling • Elavon Products and Initiatives • Safe T Suite • Virtual Merchant and Virtual Merchant Mobile • Elavon POS Terminals • Electronic Check and Electronic Gift Cards • Q and A
Define Who’s Who COV Treasury • For Agencies wishing to participate in the Elavon/Virginia Treasury contract as well as any other questions related to Elavon/Treasury contract. • Lydia Connelly • Cash Management Analyst • Lydia.Connelly@trs.virginia.gov • (804) 786-1363 • Tina Wilhelm • Assistant Manager, Banking Services • Christina.Wilhelm@trs.virginia.gov • (804) 225-2647 • Bob Schmitt • Manager, Banking Services • Bob.Schmitt@trs.virginia.gov • (804) 225-2648 ElavonRelationship Management • Chris Moore, Strategic Account Leader • Senior Elavon Contact within Elavon • Contact Information • Email: Chris.Moore@Elavon.com • Phone: (800) 725-1245 x8711 • Dana Puleo, Payment Relationship Manager • Senior Operational Contact within Elavon • Contact Information • Email: Dana.Puleo@Elavon.com • Phone: (800) 725-1245 x8631 Elavon Sales (for new Public Bodies wishing to participate in the Elavon/Virginia Treasury contract) • Kevin Grothouse, Sales Executive • Contact for new Public Bodies to participate in Virginia/Elavon contract • Email: Kevin.Grothouse@Elavon.com • Phone: (513) 632-4496
A Quick Primer on Process Flow Ecommerce Gateway E-Commerce Transaction Counter Transaction
What are the different kinds of cost? • Association fees • Interchange Cost • Assessment Fees • Miscellaneous Fees • Elavon Costs • Processing Fee • Voice Authorization • Chargeback • Equipment
Card Association Costs (Interchange and Assessments) • Managed and updated by the Card Associations • Interchange costs vary in amount based on: • Industry type • Manner which cards are authorized (keyed, swiped) • How the card is processed (information such as AVS, timely batch settlement) • Card Product (Consumer, Check Card, Commercial/Corporate, Rewards) Elavon/COV Treasury Contract Costs • Managed by Treasury and Elavon • Credit Card Costs as follows: • $0.02/Authorization as of July 1, 2013 (previously $0.025/Authorization) • Lowering this fee has saved contract participants $30k- an average of almost $10k/month! • Voice Authorization fees between $0.55-$1.25 • Chargeback fees of $5 • Average transaction cost for contract participants is below 1.50% per transaction (that includes the $0.02 Authorization fee!).
Interchange Fees – Some Rate Examples • Visa • CPS Retail 2: 1.43% and $0.05 • Corporate/Business Cards: Between 2.2% and $0.10 and 2.65% and $0.10 • Rewards Cards: 1.65% and $0.10 (Swiped), 1.95% and $0.10 (Keyed) • Regulated Debit Cards: 0.05% and $0.23 • EIRF: 2.30% and $0.10 • Corporate Standard: 2.95% and $0.10 • MasterCard • Public Sector: 1.55% and $0.10 • Merit 1: 1.89% and $0.10 • Corporate Data Rate I: 2.65% and $0.10 • Corporate Standard: 2.95% and $0.10 • Standard: 3.05% and $0.10 • Note that rates in red are rates to look out for on your statement; rates in green are rates that give you the best opportunity to pay the least amount of money.
Interchange Costs – Card Association Card Association Fees MasterCard • Assessment of 0.11% on transactions < $1000 • Assessment of 0.13% on transactions > $1000 • $0.0025 per transaction for use of CVV2 information • $0.0195 per transaction NABU fee • 0.40% per International Card • $0.045 Processing Integrity fee (authorizing a card with no settlement or reversal) • 0.0045% Acquirer License Fee Visa • Assessment of 0.11% on all transaction • 0.40% per International Card • $0.0025 Clearing Access fee • $0.0195 NAPF fee • $0.0045 Mis Use of Authorization Fee
Interchange Costs – Card Association Card Association Fees Visa FANF fees • Visa has a Fixed Acquirer Network Fee (FANF) charged each month. • This fee varies based on whether the transactions are swiped or key entered. • For merchants that Swipe transactions, this fee is charged based on the number of locations. • The fee for these merchants actually goes up (per location) the more locations you add. • For merchants that Key Enter transactions, this fee is charged based on the monthly volume. • The fees are constant for each merchant volume threshold across the enterprise. • Visa charges these fees by Fed Tax ID, not Merchant Number. • Elavon can (and does) break up fees proportionately by Merchant Number to ensure that merchants are billed proportionately.
What kinds of charges should I not be paying? • Minimum Discount Fees (Card Min Bill) • PCI Fees • Statement Fees • Merchant Connect Fees (we don’t charge for access) • ACS fees • Reporting Fees • Generally speaking, the only fees you should see on your statement are: • Interchange and Assessment Fees • Elavon Authorization fees ($0.02/item) • Equipment fees (terminal purchases, Virtual Merchant Monthly Fees) • Token fees/Safe T Suite fees (if used) • Chargeback Fees • Voice Authorization fees
So how do I control my costs? Consider • Only One Authorization per Transaction • Consider Account Verification Status Check according to business need (remember it costs $0.025/trans) • Avoid processing $1 Pre-Auth with no matching settle transaction (remember it costs $0.045/trans) • Avoid processing $1 Sale with no matching settle transaction or void (remember it costs $0.045/trans) Always • Close Batch Daily if not setup on Auto-Close • Alwaysfollow POS device transaction prompts entering valid data not pressing enter or “0” to by-pass the prompt • Hand-keyed Transactions – Always Enter Address Verification ((AVS) Zip Code) • Commercial Cards – Always Enter Sales Tax and Customer Code When Prompted at the Point-of-Sale
Chargebacks A Chargeback is a transaction disputed by the Cardholder or Card Issuing Bank • If a Merchant receives a Chargeback, the Acquirer will debit the Merchant’s DDA (checking account) for the amount of the Transaction There are many reasons for chargebacks, but the most common are: • Returned merchandise • Terminated services • Disputes, errors, or fraud Merchants must be able to provide proof that the disputed transaction is valid and in accordance with Visa/MasterCard regulations or risk having their account debited for the disputed transaction amount as well as chargeback fee
What Does a Chargeback Mean to Me? For the merchant, a chargeback translates into: • Additional processing time and cost • A more narrow profit margin for the sale • And, possibly a loss of funds/revenue Important Note: • Carefully track and manage the received chargeback disputes • Take steps to avoid future chargeback disputes • Know your re-presentment rights to chargeback disputes • Always consider taking measures to recover losses from customers who are financially liable for transactions that were charged back to you, the merchant
How to Prevent Chargebacks Remember to- • Avoid duplicate processing of a Transaction • Work with the Cardholder to resolve disputes regarding the quality of merchandise or services rendered • Refuse to process a Transaction when you receive a Declined Code during Authorization • Call for Voice Authorization if needed • Call for Code 10 Authorization if you are still suspicious of the Cardholder, Card or Transaction after receiving an Approval Code
How to Prevent Chargebacks Remember to- • Verify that Transaction Receipts equal the POS device to eliminate duplicate transactions • Include a description of goods or services on the Transaction Receipt • Deliver merchandise or services before charging the Card • Obtain an Authorization Code • Include the CVV2/CVC2 and AVS Codes for Card Not Present Transactions if applicable • Submit Transaction Receipts on the same day Transactions are authorized • Make sure an Imprint appears on Manual Transaction Receipts or that the relevant Transaction information appears on the Terminal-generated Transaction Receipt • Do not accept expired Cards or Cards that have expiration date that predate the Transaction • Make sure the signature on the Transaction Receipt matches the signature on the back of the card
Understanding Your Statements • Section of Statements • Chain/Merchant Statement-Activity Summary • Chain/Merchant Statement-Volume Summary • Chain/Merchant Statement-Processing Fees • Chain/Merchant Statement- Association Fees • Chain Statement- Merchant Level Fee Breakout • Chain Statement- Merchant Level Sales • Merchant Statement Only-Authorization Fees
The Durbin Amendment • Took effect October 1, 2011 as part of the Dodd-Frank act and the Consumer Protection Reform act. • Debit Card Costs-Capped at 0.05% and $0.23 per transaction. • These costs are under review by the District Court in Washington, DC, based on a lawsuit from various retail • Their contention is that the Treasury has allowed too much leeway in the costs, resulting in costs that are too high for card transactions. • This case is still under review, and there is no timeline as to when or if the per transaction costs will be adjusted. • Second key area is that a minimum purchase amount can be set (not to exceed $10). • Third key provision is that merchants can offer a discount for cash or debit cards. • Additionally, Debit cards have to offer multiple networks for processing.
Visa/MC Antitrust legislation • In 2012, Visa/MC proposed a settlement to class action litigation against Visa/MC relative to egregious interchange fees. • This settlement has not yet been finalized. For the settlement to be finalized, the Court must approve the settlement and 70% of merchants (as determined by total merchant volume) must “opt-in” to make the settlement valid. • Final hearing was on September 12, 2013; no final decision from court has yet been made. • Several large entities have already said that they will not participate in the settlement, including the National Association of Restaurants, National Association of Convenience Stores, Wal Mart, and Target. COV and other states (such as Oregon and California) are not participating as well. • If the Settlement is approved and put into place, key measures will be put into place: • The Associations will rebate $6.05B in cash to merchants. • Additionally, the associations will adjust interchange by 0.10% • Merchants will be able to surcharge transactions, even in Retail environments.
EMV (Chip and PIN) • EMV is an acronym for Europay, MasterCard, and Visa. It references the global standard for Integrated Circuit Chip cards (or simply Chip cards) that interact with various POS devices to authenticate purchases. • EMV is the technology that allows cardholders to be validated via PIN entry at the time of purchase. • Currently only available in a Card Present/Swipe environment. • EMV is widely used in other parts of the world today, particularly Europe. • Actually invented in 1977, they first started use in Europe in 1984 with a large French bank rollout.
EMV (continued) • Consumer payment application is resident in a secure Integrated Circuit Card (ICC) or contactless chips in smart cards or personal devices such as smart phones • EMV Standards are managed by EMVCo. EMVCo is a company founded by the major card brands (Visa, MC, Discover) to manage the overall standard. AMEX also belongs to EMVCo as of 2009. • EMV works by using the technology you have (i.e. the card) along with the technology you know (such as PIN) to validate authenticity. • Elavon is required to be compliant with this standard as of October 2015. We are currently working on timelines and product offerings to ensure merchants can comply with this standard.
Convenience Fee Rules Overview Imposing a Convenience fee is permissible under the following conditions: • Transaction must be processed in a non face-to-face environment • The Payment channel needs to provide a true convenience to the cardholder and the card member must have the ability to pay the transaction in another environment without fees • The fee needs to be disclosed prior to the completion of the sale with an opportunity to cancel the transaction prior to the cardholder being charged. • This fee must be disclosed as a convenience fee and not a surcharge. • Convenience fee needs to be applied to all payment channels (Visa, MC, AMEX, DI, ACH). • Visa requires that all fees must be a fixed amount; MC and Discover allow percentage based fees. • Visa requires that all Convenience Fees be assessed in the same transaction amount. • Visa does have programs specifically for Tax Payment programs that have different allowances. • Visa and MasterCard both prohibit establishing minimum or maximum transaction amounts for a purchase.
Convenience Fee exception § 2.2-614.1. Authority to accept revenue by commercially acceptable means; service charge; bad check charge. A. Subject to § 19.2-353.3, any public body that is responsible for revenue collection, including, but not limited to, taxes, interest, penalties, fees, fines or other charges, may accept payment of any amount due by any commercially acceptable means, including, but not limited to, checks, credit cards, debit cards, and electronic funds transfers. B. The public body may add to any amount due a sum, not to exceed the amount charged to that public body for acceptance of any payment by a means that incurs a charge to that public body or the amount negotiated and agreed to in a contract with that public body, whichever is less. Any state agency imposing such additional charges shall waive them when the use of these means of payment reduces processing costs and losses due to bad checks or other receivable costs by an amount equal to or greater than the amount of such additional charges. C. If any check or other means of payment tendered to a public body in the course of its duties is not paid by the financial institution on which it is drawn, because of insufficient funds in the account of the drawer, no account is in the name of the drawer, or the account of the drawer is closed, and the check or other means of payment is returned to the public body unpaid, the amount thereof shall be charged to the person on whose account it was received, and his liability and that of his sureties, shall be as if he had never offered any such payment. A penalty of twenty-five dollars or the amount of any costs, whichever is greater, shall be added to such amount. This penalty shall be in addition to any other penalty provided by law, except the penalty imposed by § 58.1-12 shall not apply. (2002, c. 719.) Commonwealth of Virginia State Law
Visa Government Program • Allows governments to add a fee onto any type of transaction. • Allows for Percentage Based fees on Credit Cards; Debit Card fees are capped at $3.95 and must be fixed. • Registration through Elavon and Visa is required. • Fee must be clearly disclosed. • Fee must be a separate amount from the actual payment amount. • Fee must be CPS qualified: • Transaction should be settled within 24 hours • Transaction must include ZIP Code information if key entered
Revenue Neutral Solution • Elavon has the ability to process transactions for government accounts with no fees to the merchant. • The way this works is that Elavon will collect the extra money from each transaction (surcharge) and keep that; merchant receives 100% of all revenue collected. • Requirements: • Merchant must be registered with Visa Government program. • Merchant must have additional fee on all transactions. • Merchant must process as separate transactions (in accordance with Visa guidelines) • Elavon will set the fee amount and collect 100% of all fee revenue. The fees are calculated based on expected Interchange costs as well as Elavon overhead for managing the program.
Payment Card Industry – Data Security Standards Are you compliant….
Payment Card Industry - History • Visa instituted the Cardholder Information Security Program (CISP) in June 2001, the program is intended to protect cardholder data—wherever it resides—ensuring that merchants, and service providers maintain the highest information security standard. • The CISP and related MasterCard Site Data Protection (SDP) programs were implemented to help ensure consumers that the businesses they are dealing with maintain the security of their bankcard account and other personal identifiable information. • Visa and MasterCard aligned their security requirements in December 2004 to form a Payment Card Industry Standard for Security. • PCI Data Security Standard requirements can be found at https://www.pcisecuritystandards.org. • These data security requirements require all entities that store, process, or transmit card data to be compliant with these payment card industry standards for security. • This program generally requires all merchants who store, process, or transmit card data to complete an annual security questionnaire and have their IP addresses scanned quarterly by a VISA/MC certified vendor. • Compliance has many benefits: Safe harbor from fines if a location is hacked and the VISA/MC “good seal of approval for” processing, customer confidence and maintain brand reputation.
What level is your account? • PCI-DSS is categorized into 4 levels • Level I – Any Merchant processing over 6MM Visa transactions annually • Level II – Any Merchant processing between 1MM – 6MM Visa transactions annually • Level III – Any Merchant processing 20K – 1MM Visa E-commerce transactions annually • Level IV – Any Merchant processing less that 20K Visa E-commerce transactions, or less than 1MM Visa transactions regardless of the channel PCI-DSS
12 Guidelines for PCI Compliance • Install and maintain a firewall configuration to protect cardholder data • Do not use vendor-supplied defaults for system passwords and other security parameters • Protect stored cardholder data • Encrypt transmission of cardholder data across open, public networks • Use and regularly update anti-virus software • Develop and maintain secure systems and applications • Restrict access to cardholder data by business need-to-know • Assign a unique ID to each person with computer access • Restrict physical access to cardholder data • Track and monitor all access to network resources and cardholder data • Regularly test security systems and processes • Maintain a policy that addresses information security
Damage to brand/reputation Investigation costs Remediation costs Ongoing compliance audits Victim notification costs Financial loss Fines and Fee Non-compliance (each brand issues separate fines) Re-issuance Fraud Loss Data loss Chargeback’s for fraudulent transactions Operations disruption Sensitive info disclosure Denial of service to customers Possibility of business closure Potential legal liabilities beyond the Association rules Non-Compliance: Risks, Fines, Fees, Costs, Loss
4 New PCI DSS Self Assessment Questionnaires (SAQ) In an effort to make the process of becoming PCI DSS compliant more streamline, the PCI Council has developed 4 new SAQ’s for merchant validation. New SAQ’s are as follows: SAQ A: Addresses requirements applicable to merchants who have outsourced all cardholder data storage, processing and transmission. SAQ B: Created to address requirements pertinent to merchants who process cardholder data via imprint machines or standalone dial-up terminals only. SAQ C: Constructed to focus on requirements applicable to merchants whose payment applications systems are connected to the internet. SAQ D: Designed to address requirements relevant to all service providers defined by a payment brand as eligible to complete an SAQ and those merchant who do not fall under the types addressed by SAQ A, B, or C. The new questionnaires and further information can be found at: https://www.pcisecuritystandards.org
What roles do Elavon and Treasury play in my PCI compliance validation? • Treasury- Maintains the contract with Elavon, which requires compliance with applicable PCI security standards. • Elavon- Serves as a resource for questions related to PCI, and also serves to provide guidance on the PCI process. • Elavon is responsible for ensuring that merchants comply with PCI guidelines and is liable to Visa/MC for any fines.
So what are my responsibilities related to compliance validation? • Complete the applicable questionnaire(s) annually. • Scan your systems quarterly (if applicable) using an approved third party scanning vendor. • Ensurethat your systems are secure and that cardholder data is not retained.
Virtual Merchant • Virtual Merchant is a proprietary Elavon gateway that can be used as either: • Virtual Terminal-Allowing for local PC based processing of both Key Entered and Retail transactions. • Gateway- Allowing for mapping of transactions to process through Virtual Merchant to the Elavon host. • Virtual Merchant is hosted by Elavon. The only technical requirement for use is Internet Explorer and an internet connection. • Development to the Ecommerce gateway utilizes HTTPS protocol. • Ecommerce merchants can also utilize an Elavon hosted payment page, further reducing PCI scope. • Development accounts are available for your needs.
Virtual Merchant Mobile • Virtual Merchant Mobile is an Elavon product that allows you to turn your tablet or Iphone/Android device into a portable terminal. • The Virtual Merchant app itself is free and can be downloaded from the ITunes store or Google Play Market. • This app allows you to key enter or swipe transactions, and have those transactions processed just like on a terminal or Virtual Merchant. • Note-Swipe transactions require the purchase of a swiper device.
Elavon Terminals • Elavon has stand alone terminals that allow for credit card processing. • Elavon has several different models to choose from. Some basics: • Terminals can connect either via LAN connection (IP) or Analog phone lines (dial). Note that digital phone lines are not recommended. • Terminals are menu driven. • Terminals are simple, easy to use, effective processing solutions that require little training or knowledge.
Electronic Check Service (ECS) • Elavon’s ECS service provides merchants with the ability to process checks electronically, without the need to take checks to the bank. • Checks are “imaged” meaning that a copy of the check is captured electronically and then routed for payment. • Most types of checks can be supported including Business, Corporate, Consumer • With Dual Sided Imagers, we can also support Money Orders, Treasury Checks, Traveler’s Checks, Third Party Checks…pretty much any kind of check presented can be used with this service. • Check amounts deposit with your Credit Card batches, and reflect on all Elavon reporting. • For large scale environments, Elavon can also support high speed imagers.
ECS Service Level Options • Conversion with Guarantee • Checks are converted into electronic transactions and all funds are guaranteed • All paperwork is eliminated – no follow-up needed from merchants • The retailer assumes no risk for all qualified and approved transactions • Conversion with Verification • Checks are imaged and converted into electronic transactions • Routed for verification either through the participating Visa bank or through EnCircle for ACH submission • Retailer retains the risk of returned items for all transactions • Conversion only • Checks are imaged and converted into electronic transactions, retailer performs own authorization • Retailer retains the risk of returned items for all transactions
Checks can be taken either Face to Face or via Mail • Face to Face (Point of Purchase or POP) • Enables merchants to convert checks to electronic transactions in a check present/consumer present environment at the time of check acceptance • Utilizes Direct DDA, the ACH network and Check Replacement Documents (CRD’s) for authorization and clearing • Signature required • Check must be returned to check writer • Posted and take away consumer notification required • Non Face to Face (Accounts Receivable Conversion or ARC) • ARC is used for check present/consumer absent transaction environments such as Receivables Payments, Mail Orders, or Drop Box/Lock Box environments • Customers are provided a notice that checks will process remotely.