Presented by: Barbara Fava, Managing Director PFM Asset Management LLC 1 Keystone Plaza, Suite 300...

Presented by:

Barbara Fava, Managing Director

PFM Asset Management LLC1 Keystone Plaza, Suite 300

N. Front and Market Streets

Harrisburg, PA 17101

(717) 232-2723

[email protected]

What You Don’t Know About

Merchant Card Processing Can Cost You

Treasurers’ Association of Virginia 85th Annual Conference, Harrisonburg, VA

June 24, 2015

2© 2015 The PFM Group

Merchant Card Process Summary


Merchant Card Processors

Processing Fees and Rates


Interchange Fees• Non-negotiable fee paid to the issuing bank

• Same for all issuing banks

• Two-part fee:

– Percentage of transaction volume

– Flat fee per transaction

– Example: 1.51% of volume plus $0.10 per transaction

• Interchange category is based on details of transaction:

– Card brand

– Card type

– Card category

– Processing method

– Business Type


Merchant Category Codes

Code Type of Business

7542 Car Washes

8351 Child Care Services

8220 Colleges, Universities

5411 Grocery Stores

9399 Government Services

6300 Insurance Sales and Underwriting

8099 Medical Services

5812 Restaurants

5941 Sporting Goods Stores

0742 Veterinarian Services


Interchange Examples

• $100 dollar transaction

• Visa Credit

• Card Not Present transaction

1.54% rate on volume$0.10 per transaction

Total Interchange: $1.64


Interchange Examples• $100 dollar transaction

• Visa Credit Rewards

• Card Present transaction

1.65% rate on volume$0.10 per transaction

Total Interchange: $1.75


Merit III: 1.58% rate$0.10 per transaction

Interchange: $1.68

Merit I: 1.89% rate$0.10 per transaction

Interchange: $1.99

Difference: $0.31

Interchange Examples• $100 dollar transaction

• MasterCard Credit

• Eligible for Interchange Merit III, Processed as Merit 1


Processing Costs (Assessment Fees)

• Non-negotiable fee paid to the card associations (VISA, MasterCard, etc.)

• Same for all issuing banks

• Includes percentage, a transaction fee, and monthly fees*

Percent of Volume Transaction Fee Monthly Assessment Fee

Visa 0.13% credit0.11% debit

$0.0195 credit$0.0155 debit

Fixed Acquirer Network Fee

($2.00-$120.00)

MasterCard 0.125% $0.0195 N / A

Discover 0.105% $0.0185 N / A

American Express 0.15% N / A N / A

*Brands may also charge: Kilobyte Access fees, Cross Border or International Assessment fees, and other network and license fees


Processing Costs (Markup Fees)• Negotiable fee paid to merchant card processor

• Inconsistencies make it difficult to compare credit card processors

• Differ significantly by:

– Transaction Amount

– Pricing model


Interchange Fee

Assessment Fee

Transaction Fee

Assessment Fee (Markup)

Transaction Fee

(Markup) Total Fee

Receiving Party

Issuing Bank

Card Association

Card Association

Processor Processor

Processor A 1.65% +

$0.100.13% $0.0195 0.09% $0.00 $1.99

Processor B 1.65%+ $0.10

0.13% $0.0195 0.00% $0.15 $2.05

Processor C1.95% +

$0.100.13% $0.0195 0.05% $0.05 $2.30

Processing Costs (Summary)

• $100 dollar transaction

• Eligible for Interchange Category CPS Small Ticket (Swiped)

• Card Type: Visa Credit Reward

Processed as CPS/Retail Key Entered


Pricing Models (Pass-Through)• Interchange and assessment fees are billed directly to the merchant at cost

• The same mark-up for every interchange category

• Advantages:

– Transparent

– Allows for interchange optimization

– Generally less expensive

• Issues to Consider

– Processors will add on fees

– Costs go up when interchange increases

– Best interchange category not always obtained


Pass-Through Pricing (Interchange Plus)

$100 transactionCPS Retail

Interchange Rate Paid to the Issuing

Bank

Assessment Paid to the Card Association

Rate and Fee Paid to the Processor Total Cost

VisaConsumer Credit Card

1.51% + $0.10 0.13% + $0.0195 0.10% + $0.05 $1.91

VisaReward Credit Card

1.65% + $0.10 0.13% + $0.0195 0.10% + $0.05 $2.05

VisaDebit Signature Card

0.05% + $0.22 0.11% + $0.0155 0.10% + $0.05 $0.55

VisaBusiness Credit Card

2.25% + $0.10 0.13% + $0.0195 0.10% + $0.05 $2.56


Pricing Models (Bundled Pricing)• Processor sets fixed fee by “tier”

• Example

– Qualified (1.69% + $0.25)

– Mid-qualified (2.25% + $0.31)

– Non-qualified (3.35% + $0.31)

• Qualification category based on transaction characteristics

• Interchange and assessment rates are not disclosed

• Issues to Consider

– Lack of transparency

– Generally results in highest processing costs

– No interchange optimization

– Allows processor to keep refunds

“Bundled Pricing has played a big role in building the

processing industry’s shady reputation”

www.cardfellow.com


Bundled Pricing (Tiered Pricing)

$100 transaction Interchange

Rate Paid to the Issuing Bank

Assessment Paid to the Card Association

Rate and Fee Paid to the Processor Total Cost


Not Disclosed Not Disclosed 1.69% + $0.25

(Qualified)$1.94


Not Disclosed Not Disclosed 2.25% + $0.31 (Mid-Qualified)

$2.56


Not Disclosed Not Disclosed 1.69% +$0.25 (Qualified)

$1.94


Not Disclosed Not Disclosed 3.35% + $0.31 (Non-Qualified)

$3.66


Pass Through vs. Bundled Pricing

$100 transaction Pass Through

Total Cost Bundled Total

Cost Difference


$1.91 $1.94 $0.03


$2.05 $2.56 $0.51


$0.55 $1.94 $1.39


$2.56 $3.66 $1.10


Merchant Card Processing Fee Tips

• There is nothing standard about processing fees

• Pass-through pricing is usually the best option

• Contract terms do not guarantee that rates will remain constant

• Getting low rates is only the first step towards lowering credit card processing fees – keeping the rates low is the next step

• Continual review of monthly statements is critical

• Fees on returns should be refunded (pass-through pricing only)

• You get what you negotiate!

PCI Compliance


PCI Data Security Standards (DSS)

• Guidelines for businesses that accept credit/debit cards

• To protect cardholder data when it is processed, stored or transmitted

• Enforced by the payment card associations (VISA, MasterCard etc.)


VISA PCI Compliance Levels

Level / Tier

Merchant Criteria Validation Requirements

3Merchants processing 20,000 to 1 million e-commerce transactions annually

Annual Self-Assessment QuestionnaireQuarterly network scan by ASVAttestation of Compliance Form

Annual SAQ recommendedQuarterly network scan by ASV if applicableCompliance validation requirements set by merchant bank

Annual ROC by QSA or Internal AuditorQuarterly network scan by ASVAttestation of Compliance Form

1

2Annual Self-Assessment QuestionnaireQuarterly network scan by ASVAttestation of Compliance Form

Merchants processing 1 million to 6 million transactions annually

Merchants processing over 6 million transactions annually

Merchants processing less than 20,000 e-commerce transactions annually; all other merchants processing up to 1 million transactions annually

4


PCI Terminology• Qualified Security Assessors (QSA) are data security firms that are

qualified by the PCI Security Standards Council to perform on-site PCI DSS assessments.

• Network Security Scans remotely checks an entity’s systems for vulnerabilities. For large merchants, PCI DSS requires network security scans on a quarterly basis.

• Approved Scanning Vendors (ASV) are data security firms that use scanning solutions to determine whether or not a merchant meets the PCI DSS external vulnerability scanning requirement.

• QSAs prepare the annual Report on Compliance (ROC), which documents detailed results from an entity’s PCI DSS assessment.


Common PCI DSS Violations• Storage of magnetic stripe data (never allowed)

• Improperly installed merchant point-of-sale (POS) systems

• Default system settings and passwords not changed

• Poorly coded web applications that allow access to cardholder data through the web site

• Missing and outdated security patches and updates

• Lack of monitoring

• Poorly implemented networks


Processor Approaches to PCI Compliance

• Card Associations assess fees when non-compliance leads to a security issue or breach.

• Processors often charge PCI non-compliance fees to merchants.

• Merchant card processors have different approaches to validating PCI compliance

– Require all businesses to validate PCI compliance.

– Charge a fee for providing PCI support programs to help businesses become compliant.

– Allow an organization to maintain its own in-house compliance validation programs

This may be mandatory.


EMV (Chip and PIN) Cards• Fraud liability shifts in October 2015

• EMV technology requires two layers of security – the EMV “chip” along with a PIN or a signature.

• EMV technology is not foolproof.

• Three-pronged approach to data security should be used

• EMV technology

• Point-to-Point Encryption (P2PE)

• Tokenization

Hardware and Technology


Types of Terminals

Swipe and Sign Terminals

Handheld and Wireless Terminals

EMV Chip and PIN Terminals

Near Field Communication (NFC) Terminals


Credit Card Issuers

• There are 1.2 billion payment cards in circulation in the U.S.

• Only 20 million of those are EMV cards1

Merchant Card Terminal Suppliers

• There are 12 million point-of-sale terminals in the U.S.

• Only half of them are expected to be EMV ready by October 20151

Merchants / Vendors

• Target alone has budgeted $100 million for its EMV rollout

• The total card conversion cost in the U.S. is estimated to be $4.2 billion2

Will the United States be Ready for the Shift?

1. Source: www.EMVCo.com As of December 2014.2. Javelin Strategy & Research

http://www.emvco.com/


Merchant Card Questions to Ask

Transaction Classifications:

• Are transactions are being categorized correctly so that they are qualifying for the best interchange rate?

Customer Payments:

• How can we encourage customers to choose lower-cost debit/PIN transactions as opposed to more expensive credit transactions?

Services vs. Costs:

• Are you receiving bundled or pass-through pricing?

• Are the fees competitive?

• Would a third-party processor be more cost effective?

PCI Compliance:

• What level of PCI compliance support does the bank provide?

• What is the bank’s non-compliance fee?

• How does the bank utilize encryption and tokenization to ensure data security?


Disclaimer

This material is based on information obtained from sources generally believed to be reliable and

available to the public, however PFM Asset Management LLC cannot guarantee its accuracy,

completeness or suitability. This material is for general information purposes only and is not

intended to provide specific advice or a specific recommendation. All statements as to what will

or may happen under certain circumstances are based on assumptions, some but not all of which

are noted in the presentation. Assumptions may or may not be proven correct as actual events

occur, and results may depend on events outside of your or our control. Changes in assumptions

may have a material effect on results. Past performance does not necessarily reflect and is not a

guaranty of future results. The information contained in this presentation is not an offer to

purchase or sell any securities.

Credit Card Association (Card Brand) – The company that creates the credit cards and set the rules.

Issuing Bank – Financial institution that issues the cards to business and consumers

Merchant – The organization that accepts a credit or debit card for payment.

Acquiring Banks/Acquirers/Processors – Institutions that act as messengers between merchants and credit card associations.

ISO – An independent sales organization; provides certain marketing or servicing functions.

Member Bank – A bank that issues and/or processes merchant cards.

Payment Gateway – Special portals that route transactions to an acquirer, usually in the case of an online shopping cart.

Merchant Card Processing Overview

Presented by: Barbara Fava, Managing Director PFM Asset Management LLC 1 Keystone Plaza, Suite 300...

Documents

Transcript of Presented by: Barbara Fava, Managing Director PFM Asset Management LLC 1 Keystone Plaza, Suite 300...