Insider Guide to e Payment Management

7/30/2019 Insider Guide to e Payment Management

1/22

to ePayment Management

30 Tactics Leading Merchants Use to Capture Hidden Prots


2/22

2

Global Payment Acceptance 4

Tactic #1: Oer 3 or more payment types 4

Tactic #2: Oer payment types preerred by U.S. consumers 5

Tactic #3: Oer payment types preerred by non-U.S. consumers 6

Tactic #4: Accept payment in local currency 7

Tactic #5: Merchandise payment types accepted 7Tactic #6: Calculate and display total price early in checkout process 7

Tactic #7: Implement global on-demand payment gateway 8

Tactic #8: Use stand-in domicile and regional/inter-regional vendors 8

Tactic #9: Consolidate payment transactions across CNP sales channels 8

Order Screening 9

Tactic #10: Supplement AVS results with other detectors 9

Tactic #11: Change how you use and position CVV 9

Tactic #12: Monitor order rejection rate & A/B test rules 9

Tactic #13: Examine your credit managers MBOs 10

Tactic #14: Use detection tools that span our dimensions o validation 10

Tactic #15: Implement card association payer authentication services 11

Tactic #16: Implement real-time denied parties screening 11

Tactic #17: Adopt 2 stage, business-user controlled automated screening 12

Tactic #18: Use a case management dashboard 13

Tactic #19: Measure and monitor total raud loss 13

Processing Management 14

Tactic #20: Authorize in real-time & prompt or alternative method 14Tactic #21: Account updater and re-try logic or subscription billing 14

Tactic #22: Transaction caching and alternative routing 14

Tactic #23: Keep authorizations resh and accurate 15

Tactic #24: Supply complete processing data 15

Collection & Reconciliation 16

Tactic #25: Challenge raud-related chargebacks 16

Tactic #26: Automate payment reconciliation 16

Payment Security 17Tactic #27: Merchandise payment security 17

Tactic #28: Centralize payment systems 18

Tactic #29: Eliminate payment data storage 19

Tactic #30: Push payment data capture to your service provider 19

CyberSource ePayment Management Services 21

CON

TENTS


3/22

3

How much can ePayment Management impact your organizations prots?More than you might think. Our research and eld experience with many o the worlds leading online brands suggests actively

managing ePayments can deliver a combined cost savings and sales conversion increase equal to 5-8% o revenue or more. And, when

entering new markets, proper payment management has been demonstrated to yield up to a 15-20% dierence in revenue results. To

put this in context, many marketing departments work diligently to realize a 2-5% lit in conversion. Using this lens you can see that

payment isnt just a utility. Payment is a process that can be managed to yield a proound impact on business results. It has become an

area o strategic ocus or top management at leading organizations.

The best perorming online businesses embrace this view and manage payments as a complete end-to-end process, starting with

payment acceptance and order screening, and continuing on through processing, collection and reconciliation, with all unctions

enveloped by payment security and compliance considerations.

For additional inormation, whitepapers and webinars, or sales assistance:

Contact CyberSource:

1.888.330.2300 orwww.cybersource.com/contact_us

Resource Center:

www.cybersource.com/resources

This guide describes tactics you can use to capture hidden

prots in these ve key areas o ePayment operations. Tactics are

urther categorized into Revenue Liters and Cost Reducers.

They are derived rom merchant practices surveys (CyberSource

Payment Survey, CyberSource Fraud Survey), eld experience

with leading online and multi-channel merchants, and analysis

o industry data. You may have already implemented some o

these tactics, however it is likely youll nd at least a ew that can

measurably increase your revenues and/or reduce your costs. We

welcome your questions and will respond to your inquiries atwww.cybersource.com/contact_us.

Order RetainedProt

1. Global PaymentAcceptance

Merchant account and

processor connections.

5. Payment SecurityTransaction security and PCI compliance management

2. Order Screening

Fraud management.

Operations associated

with automated and

manual order review.

3. ProcessingManagement

Technology and

operations re: processing

integrity, interchange

management, payment

failure management.

4. Collection &Reconciliation

Chargeback

management and

payment reconciliation

operations.

ePayment Pipeline


4/22

4

Revenue Liters

Tactic #1:Oer 3 or more payment types

Studies show merchants that oer 3 or more payment types realize a 14% lit in sales conversion over those that oer two or ewe

types. Note that types does not mean just multiple card brands, it means additional payment methods (cards, git cards, etc.).

Research among merchants and consumers supports this tactic. Larger merchants accept, on average, 3 payment types, while those

with lower sales volume accept, on average, less than three. Consumers indicate that, given equivalent product and price, accepting

the payment type they preer is a key inuencer in their purchase decision. Also, dierent demographic groups may tend towards

dierent payment options, and individual consumers may move among the payment options available to them depending on the type

o purchase, current available credit, etc.

0% 10% 20% 30% 40% 50% 60%

Accepts the payment method I want to use

Keeps my nancial information secure

Discount on next purchase

Oers PayPal or similar service

Double rewards points with store credit card

None of the above

Other

55%

54%

31%

17%

16%

8%

4%

I you had to choose between two websites that oered the same product at the same price,which o the reasons below would infuence your choice o where to buy? (Select all that apply.)

Source: JupiterResearch/PayPal survey, Jan. 2008, 2140 respondents to this question.

63%

TransactionCompletion

12 Methods 3+ Methods

72%

14% Lift in

Completed

Checkouts*

Payment Methods:

GeneralPurpose/BankCards

(Visa, MC, Amex, Discover etc.)

PrivateLabelCards

GiftCerticates/GiftCards

ElectronicChecks

SubscriptionBilling/Installmentpayments

InstantCredit(BillMeLater)

PayPalorothernon-cardpaymenttypes

* Percent o shopping carts started which are converted tosales. Source: CyberSource Merchant Survey

Oering 3+ Payment Methods Increases Conversion

Global Payment Acceptance

Global Payment Acceptance includes establishing merchant accounts, establishing connections tonecessary processors, integrating payment capability with customer-acing and back-end systems,and merchandising payment options to optimize payment mix and conversion.


5/22

5

1CyberSource merchant survey 2FDC/Telecheck research

Tactic #2:Oer payment types preerred by U.S. consumers

U.S. consumers cite using these payment methods most requently to transact sales online (chart at let). While aggregate consumer

use oers a good rule-o-thumb, certain businesses optimize conversion with a dierent mix o options. Payment behavior diers with

purchase context: auction purchases, purchases at smaller businesses, and purchases transacted with larger merchants. For example

studiesshowonlinebusinesseswithannualsalesinexcessof$25MMacceptgiftcards,BillMeLaterandprivatelabelcardsatarate

higher than the overall merchant average (chart at right).

Source: Shop.org eHoliday Mood Study: Consumer Sur vey, conductedby BizRate Research, as cited in eMarketer 2007

Credit card

Debit card

PayPal

Gift cards/certicate redeemed online

Bill Me Later

Private label store credit card

Pay by check or money order

Loyalty/membership program points redeemed online

Google Checkout

79.7%

38.2%

32.8%

9.1%

8.6%

6.3%

6.1%

4.3%

2.5%

100%

95%

29%

33%

43%

25%

23%

20%

26%

13%

26%

9%

2%

7%

1%

1%

Credit/Debit cards

PayPal

Gift cards/Certicates

Electronic checksor ACH payments

Bill Me Later

Private label card

Google Checkout

Mobile Payments

Large Merchants

All Merchants

Source: CyberSource Merchant Survey

REVIEW OF U.S. PAYMENT OPTIONSIn addition to credit cards, you may wish to accept one or more o the ollowing to help lit conversion.They are listed in order by the incidence o support reported in our annual raud survey.

Debit CardsDebit card usage is becoming increasingly popular among consumers. In the o-line world,debit card usage has exceeded credit card usage since 2005. There are two types o debitcard transactions:

Card Association-branded Check Cards (e.g. check cards bearing the Visa or MasterCardlogo). These cards are processed identically to a credit card transaction (and are processedover the same credit card processing network), but may be processed at a lower interchangerate. Note that although unds are removed rom your customers account almost instantly,your bank account is unded in the same timerame as with credit card transactions.

PIN-less Debit. Merchants/businesses in select industries are able to accept Visa/MasterCard-branded debit cards and ATM debit cards online (without a PIN) and processthe transaction directly over the debit networks (STAR, PULSE, NYCE). Since thesetransactions bypass Visa/MasterCard processing networks, savings on interchange orthese transactions can be 23-65% or more compared to a credit card transaction. I yourorganization is in one o the ollowing industries, you should encourage payment viadebit card: utilities, insurance, telecommunications, cable providers, fnancial institutions,educational institutions and government agencies.

PayPalApproximately one out o three online merchants oer PayPal1. In 2007 PayPal reported 164million accounts and $2 billion in stored balances. Consumer adoption o PayPal as an onlinepayment method continues to grow. PayPal reports that the average increase in sales, due toadding PayPal or small and medium size online merchants is 14%.

Gift CardsOne out o our online merchants currently accept git cards or online git certifcatesI your organization does not accept this payment method you are unquestionablybypassing some revenue. During the holidays over 60% o online shoppers purchase gicards or certifcates online.

Bill Me LaterOur research indicates that one out o our large online merchants now support Bill Me Lateand overall one out o eight online merchants oer the payment method. Bill Me Latereports their merchants experience 25-150% increases in average order values as well as46% greater repeat use. Invoicing and instant credit (extending credit just or the value othe purchase via real-time credit evaluation) can address potential customers who do nothave credit cards, are araid to use credit cards online, or who do not have a credit card athand when making a last minute or impulse buy online. Services such as Bill Me Later work

like a credit card (except that there is n o plastic card involved), allowing th e shopper to payin ull or by installments over time.

Electronic Checks / ACHOne out o fve online merchants accept electronic checks. Accepting checks online canexpand sales by reaching out to households and shoppers who do not have credit cardsor do not want to provide credit card inormation online. Electronic checks can include aguaranteed payment option where payment risk is passed to a third party authorizer. Alsounlike credit cards, merchants can wait or payment settlement with electronic checkbeore shipping goods to customers. In 2007, online ACH (electronic check) volume grewby 27%, reaching 1.74 billion transactions. Companies selling online who implemenelectronic checks typically see 3-8% o their sales coming through checks, with at leashal o that representing sales they would have otherwise lost. Some companies haveseen even larger increases2.

Payment Methods to be Used or OnlineHoliday Shopping according to U.S.Consumers (% o respondents)

Online Payment Methods Supported byU.S. Merchants


6/22

6

Payment Preerences by Market

% o consumers citing specifed payment type as the one they preer or online payments

Credit Card Debit CardBank Transferor Direct Debit COD

ConvenienceStore PayPal

North America

Canada

United States

Latin America

Brazil

Mexico

Western Europe

France

Germany

Italy

Netherlands

Spain

Sweden

UK

Asia/Pacific

Australia

China

India

Japan

Korea

Singapore

Source: Bank o International Payments (Geneva); eMarketer/AC Nielsen; China Internet Network Inormation Center; Ministry o Public

Management, Home Aairs, Posts and Telecommunications-Japan

50% 2049% 519% < 5%

% o consumers citing use o this payment option

when shopping online during last 12 months:

Tactic #3: Oer payment types preerred by non-U.S. consumers

Supporting local payment types in international markets has been seen to lit sales 200% or more as compared to oering only standard

card payment options. Research shows that 60% o American and Canadian online merchants accept orders rom outside the U.S. and

Canada. For these merchants, international sales account or an average 18% o their orders. However, less than 30% o those accept

local payment types. This is a signicant missed opportunity.

Oeringcountryspecicpaymentmethodssuchasconsumerpushpayments:banktransfers(eg.Giros),merchantpullpayments:

directbankdebits(e.g.theELVsysteminGermany),andcountryspecicconsumercredit/debitcards:Dankort;CartaSi;CarteBleue

etc. can signicantly increase sales by acilitating purchases rom all online consumers in those countries. The table below illustratespayment preerences in various markets. CyberSource suggests you veriy preerences prior to implementing your payment strategy.


7/22

73FutureNowRetail Customer Experience Study4RightNow Technologies & YouGov Research

Tactic #4:Accept payment in local currency

To maximize the order conversion benets o supporting local payment options conside

presenting customer pricing in local currency, as this can have a signicant impact on

sales. Multi-currency or dynamic currency conversion services are available that allow

your customers to pay in their local currency while ensuring youre paid U.S. dollars o

other desired settlement currencies.

Tactic #6:Calculate and display total price early in checkout process

According toKen Burke, author ofIntelligent Selling,the Art and ScienceofSelling

Online, ailure to communicate total purchase price up ront leads to shopping cart

abandonment. Typically these additional costs involve shipping and tax calculations. A

study o 300 top retail web sites ound that only 42% provided shipping costs early in

the checkout process3. A survey o UK online shoppers ound that 16% abandoned thei

purchase because they ound it difcult to locate inormation on shipping costs4. Leading

merchants are reducing abandonment by calculating sales taxes in real time during thecheckout process, combining them with shipping and handling charges, and presenting

the total amount customers are required to pay early in the process.

Note: There are more than 60,000 tax jurisdictions in the U.S. and Canada and approxi

mately 100 Value Added Tax (VAT) systems worldwide. Companies with a legal nexus in a

U.S. state are required to collect sales taxes or online sales made to customers residing in

thatstate.CompaniesdeliveringdigitalgoodsorservicesonlineintotheEuropeanUnion

arerequiredtoregisterandpayVATontheirEUsalesiftheirsalesexceedcertainthresh

olds.Giventhenumberofproductstaxed,dierentexemptionsbyjurisdictionsandthe

largenumberofjurisdictions,taxratesareconstantlychanging.Bestpracticeistousea

real-time dynamic system to correctly calculate tax liability prior to checkout.

26%

Prior to

Checkout

DuringCheckout

Other /Dont Know

Not aConsideration

26% o Shoppers Consider PaymentOptions Prior to Checkout

Source: 2008 Jupiter Research/PayPal survey

Tactic #5:Merchandise payment typesaccepted

In order to maximize the conversion

uplit rom oering a wide variety o

payment choices, leading merchants

overtly promote the payment types they

accept. Just as brick and mortar stores

advertise payment types they accept

on their doors and at their checkoutcounters, it is important or online

merchants to prominently display the

payment types they accept on their

website prior to checkout. According to

Jupiter Research, many consumers make

purchase and payment method decisions

prior to checkout. 26% o online shoppers

considered their payment method choice

beore going to the checkout page.


8/22

8

Tactic #8:Use stand-in domicile and regional/inter-regional vendors

Some local payment types require legal presence in a country or may be provided at lower

cost to merchants who are legally domiciled in those countries. Local domicile is typically

required or direct debit and bank transer payments. To get to market aster and minimize

entry cost, savvy merchants work with vendors who provide stand-in domicile or direct

debit and bank transer payments, thus alleviating the need to establish independent

domicile which can take several months. Note that merchants themselves must also

establish domicile in-country or region to qualiy or local or regional interchange ratesor general purpose card processing.

Cost Savers

Tactic #7:Implement global on-demand payment gateway

Many o the most experienced merchants are reducing operations and acceptance costs

by adopting an on-demand payment gateway structure. These merchants who have

more experience with payment type additions, domestic or global, are actively migrating

rom direct-to-processor connection models, to one o leveraging global gateway

inrastructures. They cite the advantages o managing less payment inrastructure 24/7,

while gaining aster access to new markets and payment types. Further, these merchants

usesuch a structure toachievebestrate processing. Byestablishinganon-demand

processing inrastructure they have removed the barriers to switching providers

because the integration is not tied to a specic processor, a merchant account can be

easily changed, giving them the ability to switch vendors almost overnight. This increases

price competition (in terms o price and overall value oered) since the cost o alternative

integration and re-connection has been removed. Such a payment gateway structure

also consolidates and standardizes payment data, making it easier to manage and

optimize operations ollowing payment acceptance. This includes: raud management,

reconciliation and chargeback management.

Tactic #9:Consolidate payment transactions across CNP sales channels

I you have multiple sales channels or web stores accepting card not present (CNP

transactions with separate merchant accounts or merchant account providers it may

be benecial to consolidate volumes to take advantage o volume discounts. Paymen

consolidation may also acilitate the reconciliation process and decrease the time and

costs o reconciling payments received to original sales. Centralizing payment data can

also lower the cost o compliance with industry data security requirements.


9/22

95CyberSource Online Fraud Report

CyberSource research indicates lack o optimization results in costs that include not only raud losses, but also valid order rejection,

increased cost o sales, reduced scalability, and shipping delays. The combination o these inefciencies typically results in prot drag

being triggered by 20-50% o incoming ordersplus some impact to customer satisaction.

Revenue Liters

Studies show that, on average, merchants are declining 4 or more orders due to suspicion o raud or every raudulent order they

actually incur. Merchants that actively manage their screening process oten nd that 15-20% or more o the orders they have declined

are in act valid. Though many tactics associated with raud management can aect both revenue and cost, the ones noted below are

consistently employed by merchants to reduce valid order rejection.

Tactic #10:Supplement AVS results with other detectors

AVS (Address Verication Service provided in the U.S. as a standard

part o the card authorization service) is valuable as one datapoint

or evaluation, but not as an absolute determinant o order validity.

Our research shows that, out o one million transactions processed,

160,000 valid orders would be rejected i merchants accept the

order based solely on a ull or partial AVS match. I acceptance

criteria are urther tightened to require ull AVS match, valid order

rejection is as high as 20%. Note: AVS inormation is requently

known by raudsters and is thereore equally not a reliable single

detector.Even ifyoumanually reviewordersrejectedbasedon

AVS results, sole reliance on AVS needlessly increases manual

review rates which increases cost o sales and impacts customer

satisaction. Using the our dimensions o tools noted in the cost

savings portion o this section can also help identiy and convert

more valid orders.

Tactic #11:Change how you use and position CVV

Use o CVV (Card Verication Value, aka CVV2, CIDthe additiona

three digit verication number printed on the credit card)

provides a meaningul lit to raud detection. However, similar to

AVS, reliance on this actor can also result in meaningul levels o

valid order rejection(about15,000orderspermillion).Because

customers may at nger data input, or the number may be worn

o the card, the best merchants choose to use this as one acto

in detection, but not an absolute test o validity. Merchants have

also cited cases o customers abandoning orders because o CVV

being smeared or worn-o the card and unable to be input. As a

result they have positioned CVV as a way to speed order approva

and encourage its input, but no longer deny orders solely on this

actor. Also, like AVS, raudsters may have complete inormation

including CVV.

Tactic #12: Monitor order rejection rate & A/B test rules

While it is difcult to measure the number o valid orders rejected due to suspicion o raud, an order rejection rate above the current 4%

overall average5 or U.S. and Canadian online merchants may indicate you are turning away good customers. Within specic categories

like consumer electronics, we have seen that the top perorming merchants can achieve order rejection rates o 2% or lesshal that o

their competitorswhile still controlling payment raud loss to industry norms or lower. To estimate valid order rejection levels you can

implementanA/Btestonordersyoureject,allowingasmallrandomsampleofrejectedorderstobeprocessedandcloselymonitoring

the payment raud rate or those orders. Valid order rejection can also be estimated via modeling. For merchants who already have a

reasonable control on raud, urther reducing the raudulent order rate (raud chargebacks) may yield a ew tens o basis points o cost

savings, while reducing order rejection rates rom 4% to 2% and maintaining raud loss rates can have a positive impact on top line

revenues which is several times larger.

Order Screening

This payment pipeline stage addresses the optimization o your raud screening and manual order reviewoperations across payment types and markets. The best merchants employ a process o automatedscreening using multiple detection tools and a common rules system, ollowed by manual review oorders outsorted in the automated process using a case management system. These merchants alsomanage a closed-loop process where chargeback and raud data is constantly ed into rule, detectionand manual review operations to tune systems and policies or maximum protability.


10/22

10

Tactic #13: Examine your credit managers MBOs

It is important to remember the tradeo just coveredoten more prot is gained by liting order acceptance than urther reducing the

chargeback rate. Is your credit manager pressured to continuously reduce chargebacks? I so, rules and policies or order acceptance

may lean toward manual review and mitigating acceptance riskresulting in increased cost o sales and valid order rejection. The bes

merchantsalignnanceandsalesMBOstooptimizeprot.RiskMBOsarere-writtentofocuseitheronascienticallycalculatedbalance

pointbetweensalesopportunitycost,reviewcostandfraudloss;or,annuallysettoanagreedrateoffraudacceptancesuchthatfraud

is controlled but not viewed as a metric that should be driven down urther without re-assessing overall prot impact.

Cost Savers

Costs in this area are driven by raud lossa result o ineective screeningand manual review, which increases cost o sales and

constrains scalability. Increasing raud screening automation, reducing the share o orders outsorted or manual review, and increasing

reviewer productivity are all ways to reduce the cost o order screening. On average, about three out o our orders sent to manua

review are ultimately accepted, which points to the opportunity or better automated screening. Also, or some merchants it may be

easible to implement screening services that shit raud liability back to the issuing bank. Here are some o the key tactics the best

merchants employ to achieve eective raud screening.

Tactic #14: Use detection tools that span ourdimensions o validation

Our studies show merchants continue to increase the number o detection

tools they use to screen orders or payment raud. Currently the average

number o tools merchants deploy is over 5 tools. Merchants having

higher annual sales volume use 7 or more tools. However, the dierence

in merchant perormance is not just the number o tools. Statistically, the

best merchants are twice as likely to use tools and rules that span our

dimensions o validation that eectively box raudsters inleaving them

very little opportunity to present a perectly unique identity like that o

an honest customer. In contrast, the average merchant typically uses only

one or two o these tool dimensions. This our dimension approach not

only controls costs by detecting raud more accurately, but can also reduce

valid order rejection because more angles o validity can be applied. Do

you use tools in each o these areas?

Global Validation Services

Detectors in this category include the services that accompany U.S. card authorization (AVS, CVV), card association authentication

services like Veried by Visa and MasterCard SecureCode, as well as other validation databases such as those or delivery address

validation and telephone number validation. This is the most common category o detection tool usage and both best and average

merchants use these tools with nearly equal requency.

Single Merchant Purchase History

These detectors and rules evaluate orders based on single-merchant experience and insight. They include methods o evaluating

purchase velocity (number or value o orders within a certain timerame), placement o customers on negative or positive lists based

on order history, and use o other customer data known to the merchant that aids in validation.

Multi-Merchant Purchase History

Bygaininginsighttopurchaserbehavioracrossmultiplemerchants,risksystemscandetectidentitymorphing,combinationsofactivity

that signal increased raud risk, and purchase velocity on a wider scale (raudsters rarely limit behavior to a single merchant).

Purchase Device Tracing

The prevalence o identity thet has made it relatively easy or raudsters to submit orders with valid payment, shipping and billing

inormation, and thus spoo many o the available validation services. Today raudulent orders are highly camouaged and in many

cases look like valid orders. Research indicates increasing adoption o purchase device tracing detectors such as IP geolocation and

device ngerprinting. These can determine i the point o order origination is congruent with other address inormation, and i multiple

orders, having dierent purchase identities, are originating rom the same purchase device. These two raud tools rank among the top

three planned or adoption by larger Internet merchants.

Global ValidationServices

AVS, CVV (card brand services) Veried by Visa, MasterCard

SecureCode

Telephone/address validation

U.S. export compli-ance/DPL lists

Single MerchantPurchase History

Purchase velocity Positive/negative list

Other customer data

Multi-MerchantPurchase History Global purchase velocity

Identity morphing

Neural net modeling/score

FourDimensions

BoxFraudsters in

Purchase DeviceTracing Device ngerprinting

IP geolocation


11/22

11

QuovasGeoPointmapsthelocationofover1.7billionassignableIP addressesonthe

Internet. According to Quova, adding IP address evaluation to order screening can

prevent an additional 70% o raud that would otherwise not be detected. Quovas

GeoPointisintegratedinCyberSourcesfraudmanagementportalalongwithotherthird

party services.

Device ngerprinting examines hardware and sotware characteristics o an Internet

device that are publicly exposed during the transaction, and creates a unique prole

o that device. This prole can then be used to correlate the consistency o identity

inormation originating rom that device. Note that in some markets, such as India,

consumers more commonly share computers and credit cards. Use and weight o device

tracing results must be tuned by market to render reliable results.

Tactic #15: Implement card association payer authenticationservices

A raud protection tool oered by the card associations involves cardholders

authenticating themselves online by entering a password during the checkout process.

These payer authentication services go by brand names including Veried by Visa,

MasterCardSecureCode,andJCBJ/Secure.Thecardassociationsprovideaninterchange

rate incentive or companies who implement and use these systems. More importantly,companies who use these payer authentication systems can oten shit the liability

or raudulent transactions back to the issuing bank. Some companies implementing

authentication systems nd that the liability insurance derived rom these solutions can

pay or the implementation costs in just a ew months o use due to lower interchange rates

and shiting the cost o raudulent charges to the card issuing banks. Note: MasterCard

SecureCodeisrequiredtoacceptMaestropaymentsinEurope.

We have seen that, because authentication adds a step to the checkout process, adoption

o these services varies by industry and product category. Currently, payer authentication

has enjoyed higher adoption in industries and product categories that cannot be as easily

cross-shopped or switched, such as airline ticketing. Note: These services have changed

dramatically rom their initial introduction. They now support an in-line authentication

prompt (vs. separate pop-up window) which better integrates with a merchants

checkout process and minimizes concerns over transaction suspension/abandonment.

Lost or orgotten passwords are no longer dead ends or consumers. They are simply re-

authenticated right on the spot.

Tactic #16: Implement real-time denied parties screening

I you accept orders rom outside the U.S. then you must comply with U.S. laws that

prohibit sales o goods or services to certain individuals or countries. I you extend credit

(e.g. installment payments) then domestic transactions also all within the scope o theseprohibitions. There are multiple lists o denied parties which are continuously updated by

several government agencies. Civil and criminal penalties can be imposed or violations (see

U.S. Treasury OFAC publication or more details regarding penalties and the U.S. Commerce

DepartmentBureauofIndustry&Securityforexportviolations).Stayingup-to-datewith

changes to these lists is possible via automated real-time services that monitor these lists

and check or compliance.


12/22

12

Tactic #17: Adopt 2 stage, business-user controlled automated screening

Surveys show the best merchants are twice as likely as the average merchant to employ an automated decision system with a business

user console interace. These systems take the results and inormation produced by raud detection tools and, according to rules dened

by business managers or that product or product category, categorize the order or acceptance, rejection, or suspension or urther

review. Some systems include the ability to test rule impact beore placing them into production (running them in the background on

live orders). This permits assessment o rule impact on review rates and rejection rates to allow or urther tuning prior to actual use.

ORDERS

TEST MODE

LIVE MODE

1st StageAutomated

Screen

Business User Controlled

Automated Screening Rules

Manual

Review

Accept RejectAccept Reject

Review

Review

Accept/Reject

1

2nd Stage

Automated

Screen

2

3

2 Stage Automated Screening Process

Merchants using these systems cite aster response time to

raud trends, more accurate detection (and acceptance) and less

dependence on scarce IT resources. In addition, these systems

appear to oster scalability. Most online merchants manually

review a high percentage o incoming orders. Depending on

revenues, the average share o orders outsorted or manual review

can be as low as 15% to as high as 45% o total orders. As order

volume grows, merchants ace the prospect o adding additional

manual review sta or improving their automated order screening

process to manage the higher volume o sales. A business-user

controllable decision system is usually the component that makes

this leap in efciency possible.

An emerging tactic is to implement two stages o automated

screening prior to manual review. The rst is designed to use

detectors across the our dimensions o validation discussed

earlier. The second acts on outsorted orders meeting a certain

prole, employing detectors that may be too costly to use or al

orders. Using this strategy merchants are sending ewer orders to

manual review and thus increasing their ability to support greate

overall order volume with the same raud team.


13/22

13

Device Fingerprint

Reviewers quickly see why order

was suspended for review

Reviewers actions logged and noted

Order data

Additional observations about

the order to aid review

Search by Name, eMail, IP Address,

Device Fingerprint, Account Number,

Shipping Address

Tactic #18: Use a case management dashboard

According to our research, over 50% o order screening costs

come exclusively rom stafng manual review operations, and

that rate continues to rise (expenditures on manual review sta

increased by 34% in 2007 over 2006). This creates a signicant

drag on scalability and ability to reduce cost o sales. The best

merchants are proactively addressing this trend via automated

screening enhancements and improvements that increase theproductivity o their review sta once an order is suspended or

manual review.

To increase productivity and the eectiveness o manual review,

the best merchants have adopted, at a rate nearly twice that o the

average merchant, a case management dashboard that presents

reasons or order suspension and all relevant order data on one

screen. Look to adopt systems that include additional workow

optimization eatures such as access to credit bureau inormation

rom within the dashboard and the ability to route cases based

on reviewer expertise.

52%

ReviewSta Cost

46% ofBudget

2006 2007

34% Growth in

Total $ Spent

FraudManagementSpending$

Review Sta Costs Consume LargerShareofBudget

Source: CyberSource Online Fraud Report

Case Review Screen

Tactic #19: Measure and monitor total raud loss

You cant optimize prots i you arent managing your costsin this case, the ull cost o raud loss. Our studies across hundreds o

mid-to large-sized merchants show that chargebacks account or only a portion o total raud loss (about 50%). The remainder take the

orm o reversals or credits issued directly to customers contacting your customer service centera chargeback is never initiated. I you

dont track this today, start working with your call center to gain visibility into credits issued due to raud and how that data can be ed

back into your raud management process to better automate and tune your systems.


14/22

14

Processing Management

The way payments are processed ollowing acceptance and screening can impact costs andrevenue capture up to 10%. Key considerations include payment ailure management andmanaging interchange.

Revenue Liters

On average, 5-7% o payment authorization requests are declined. Approximately 20% o these

ailures (1.2% o all transactions) are temporary ailures, resulting rom the purchaser being at his

or her credit limit (but may have credit or cash available on alternatives), incorrect data input, o

a condition that can be reversed i the payment is re-tried within a brie period o time. Actively

addressing these conditions can help increase conversion and lit subscription retention.

Tactic #20:Authorize in real-time & prompt or alternative method

Batchprocessingexposesyoutolosingthe1.2%oftransactionsthatfailduetoconditionsthatcan be recovered i handled in real-time. The best merchants process in real-time and prompt or

authorization re-try (re-entry o payment data) i the processor decline is o a type that might reect

innocent data entry error on the part o the consumer. Similarly, i declined or insufcient unds, best

practice is to prompt or an alternative payment method rather than lose the order.

Tactic #21:Account updater and re-try logic or subscription billing

Statistics indicate up to 15% o subscriptions, i let unmanaged, risk termination due to temporary

payment ailures and attempts to bill against expired cards. Obviously no merchant leaves this

completely unmanaged. However, any payment ailure triggers action by your customer or custome

service representative. That ultimately shines light on the subscription which subjects it to termination

risk.Bestpracticesmerchantsimplementre-try logic (initiatingauthorizationattemptsatoptima

intervals ollowing the initial attempt) and account updater services to optimize retention. Accoun

updater services provided by the card associations automatically update accounts on record with

new inormation (account number and expiration date) when cardholder inormation is modied

You must work with your acquirer and processor to establish account updater services.

Tactic #22:Transaction caching and alternative routing

Todays payment systems are reliable, but occasionally processor systems are unavailable or Interne

routes to processors temporarily ail. The most sophisticated merchants have implemented exible

payment capabilities (systems and merchant account relationships) that allow them to re-route

payment requests to alternative processors, or cache and batch payment transactions or later

submission to avoid lost sales.


15/22

15

Cost Savers

The best opportunity or cost reduction is active management o the actors that aect interchange rates (the

rate charged by the card association and your merchant account holder). Approximately 5% o transactions are

downgraded due to actors under the merchants control. The cost o interchange downgrades varies widely

depending on transaction details but can range rom an additional 0.45-2% o the total transaction amount.

Here are tactics you can use to reduce processing costs.

Tactic #23: Keep authorizations resh and accurateDowngrades oten occur due to authorizations being stale or a mismatch between the authorization amount

and the capture amount. Merchants who aggressively manage interchange use vendors or implement logic that

automatically rereshes the authorization and ensures synchronization between the authorization and capture

amount.Examples:

Intheeventofasplitshipment(onlypartoftheorderisshippedandbilledduetoinventoryconditions)a

resh authorization, i needed, is obtained or each capture submitted to ulll the order, to thereby ensure

that each captured transaction has a resh authorization and that the authorization and capture amounts

always match.

IfcaptureisrequestedagainstanauthorizationthatisolderthanXdays,afreshauthorizationisobtained

(the number o days varies by card brand, or example Visa is 7 days or eCommerce transactions).

Tactic #24: Supply complete processing data

To avoid downgrades, ensure you are passing all the data required to qualiy or the best rate. For example:

PasseCommerceMOTO/ECIindicatorforVisa,theBanknetRef#orauthorizationdateforMasterCard

SubmitbillingaddressinformationandrunAVS

PasscompletedataforLevel2cardprocessing(seerepresentativesamplebelow)

PasscompletedataforLevel3cardprocessing(seerepresentativesamplebelow)

DataRequiredtoQualifyforBestInterchangeRateon Corporate Purchasing Cards

Level III

1. Standard Transaction Detail

2. Tax Amount

3. Purchase Order Number

4. Order Level Data

ShippingAmount

DestinationZip

DestinationCountry5. Item Level Detail

ProductDescription

ProductCode

CommodityCode

Quantity

UnitofMeasure

UnitCost

LineItemTotal

DiscountAmount

Level II

1. Standard Transaction Detail

2. Tax Amount

3. Purchase Order Number


16/22

16

Revenue Liters

Tactic #25: Challenge raud-related chargebacks

I youre not challenging chargebacks, youre likely missing a quick and eective way o adding

revenue and reducing costs. Research shows, on average, merchants win 40% o the raud-related

chargebacks they challenge, resulting in net recovery o 28% o all raud-related chargebacks

received. O course, experience varies by merchant and by type o goods sold, e.g. digital merchants

can nd it more challenging to prove delivery/fulllment. But the opportunity is well worth

investigating, both in your internal process and in your work with solution partners.

Collection & Reconciliation

This stage addresses optimization o your chargeback/re-presentment and payment reconcilia-tion operations. As merchants add more payment types, serve more markets, and use more pro-cessors, collection and reconciliation operations become increasingly complex and expensiveSavvy merchants are actively managing these operations to increase revenue capture and scaleoperations with less cost and complexity.

One out o Four Fraud Chargebacks Can be Recovered

Win Rate Net Recovery Rate

On average, merchants win 40% of

chargebacks challenged.

* Net Recovery Rate is expressed as a %

of all fraud-coded chargebacks received.

40%Re-presentments

Won

28%Chargebacks

Recovered

Source: CyberSource Online Fraud Report

Cost Savers

Tactic #26: Automate payment reconciliation

As you add payment types and currencies, reconciliation becomes increasingly complex and a

actor in your organizations ability to grow. In act, some merchants operating globally have policies

requiring that any payment type supported must be capable o automated reconciliation. Whats

the gain? Up to 90% o reconciliation operations can be automated by tying order data to payment

reports via unique payment transaction IDs. Some, but not all processors provide electronic data

eeds that can be used to automate reconciliation. Check with your processor or payment vendor to

determine availability.


17/22

176Forrester Research Survey7ScanAlert/Petco Study

Payment Security

In todays world payment security is not just overhead or a PCI compliance issue, its a way olie. It has become a component o brand image and reputation. Online merchandising expertsnow highlight it as a key actor in sales conversion (checkout process). The best merchants capi-talize on this dynamic, and are employing speciic strategies to minimize the cost o maintainingpayment security in the process. Heres how you can do it.

Revenue Liters

Consumers are increasingly concerned about the saety and privacy o their payment data. The leading reason Internet

users cited or not shopping online is concern about giving credit card inormation over the Internet 6. The chart below

highlights the relative importance o things buyers consider when assessing online shopping security. The signal is clear.

You have the opportunity to build trust and lit conversion by merchandising payment security.

Concern Overall Canada France Germany Japan UK US

Familiarity with the onlinevendor or brand name

recognition

70.8% 80.5% 58.7% 74.8% 47.6% 83.1% 81.0%

Security lock symbol 70.6% 70.6% 84.8% 58.3% 49.2% 81.3% 79.5%

Certiication (e.g., BBB,

Verisign, or TRUSTe)53.9% 62.2% 50.5% 48.9% 36.4% 57.3% 68.2%

A smooth and easy checkout

process43.6% 41.9% 46.5% 36.2% 22.5% 59.7% 55.0%

URLs that have https or

shttps in the address39.4% 35.2% 43.9% 40.6% 23.8% 45.8% 47.5%

Source: Webroot Online Shopping Survey, October 2007 (N=3626)

Tactic #27: Merchandise payment security

Merchandising your payment security practices can lit conversion 4-32% 7. Also, the specic placement o the trustmark

(orsecuritymessage)furtherimpactslift.A/Btestingshowsthatthemoreprominentthemarkormessage,thegreaterthe

conversion impact.

+1.76% +6.3% +8.8%

BRAND

Trust

BRAND

Trust

BRAND

Trust

Trustmark Placement Impacts Sales Lit

Source: ScanAlert/Petco Study

Itisimportanttorememberthatshoppersenteryoursiteatmanypointsnotjustyourhomepage.Becausethebuying

process starts immediately, best practice is to merchandise payment security not just at checkout, but also within the

context o each page and at other key interaction points: email signup, registration pages, and privacy policy pages.

Secure Site Indicators (Percent o online shoppers who look or these indications o shopping security)


18/22

188Ponemon Institute survey

Cost Savers

What does it cost to maintain security? It is estimated that the cost o a stolen customer record is

$1978. Multiply that by tens or hundreds o thousands o customer records and the nancial liability

is clear. More importantly, the cost to your brandloss o trustis even more signicant and harder

to recover. So, how do you maintain payment security at minimum cost? Previous practice has been

to identiy where payment data is stored, processed or transmitted and lock it down wherever it

mightreside.Emergingpracticeadoptsadierentfocus:centralizeandgetthedataout.

Tactic #28: Centralize payment systems

Leading merchants are centralizing payment systems across channels to minimize the number o

places payment data is stored, processed and transmitted. Doing so will enable you to ocus eorts

on securing the ew remaining places data is present. In this model, multiple payment channels are

enabled by a single, underlying system that supports processing, order screening and reconciliation

management across the payment channels. Remote secure data storage and hosted acceptance

(discussed in the ollowing tactics) are also compatible with this approach (a representative

architecture is shown below).

Management &AdministrationInterfaces

Centralized Payment Management

Processors

&Banks

Worldwide

PrimaryProcessor

Workow Engine

InternalSystems

Integration

PrimaryGateway

Integration

OtherProcessor

Integrations

AutomatedReconciliation

System

Remote PaymentData Storage

HostedForm/Fields

(Option)Payment

Info

POS/Kiosk

PaymentInfo

Call Center

Sales Channels

Merchant Systems

PaymentInfo

Web

Centralized Payment Management Architecture


19/22

19

Tactic #29: Eliminate payment data storage

New philosophy: why accept the cost and risk to secure it, when you can get rid o it? Weve seen mid-sized, as well as multi-billion

dollar global merchants adopt systems and policies to rid their environment o payment data storage. Using this approach, payment

data storage is outsourced to a PCI DSS compliant payment supplier (ideally with PA DSS certication or the secure storage application

as well). The costs o securing data can be reduced in an outsource model since the overhead costs o data security are spread acros

many merchants.

In this model, instead o storing payment inormation on your companys systems, it is stored in PCI-compliant data centers residing

within the domain o the banking and processing network. Your order management system transmits the customers paymeninormation to the banking network at the time o initial payment acceptance. Your systems then receive the response along with a

payment token that can be used to reerence that transaction or any uture billing actions (credits, reunds, subscription billing, one-

click-buy models, etc.). Thus, all payment data is stored on banking and processing network systems. Your company stores only a secure

token that is useless to hackers or employees.

Tactic #30: Push payment data capture to your ser vice provider

To urther mitigate security risk, merchants are completely eliminating payment data contact with their systems by outsourcing

acceptance. You can use a PCI-compliant payment services supplier to host the payment data elds that appear on your checkout page

This can be implemented as an iFrame within your checkout page, or a ully hosted page. Using this approach your company neithe

handles nor stores payment data, thereby eliminating the burden and most o the costs o payment data security management.

PAY

32

41 Result &Token

AccountCreated &

Data Stored

Result(Auth=Y)(Auth=N)

Etc.

PaymentInfo

######

PaymentInfo

######

Payment Network

PaymentData

RemoteStorage

Corporate Systems

5

PAY

32

41 Result &Token

Data Stored

Result(Auth=Y)(Auth=N)

Etc.

PaymentInfo

######

PaymentToken

PaymentData

RemoteStorage

5

Secure Storage: Initial Transaction Secure Storage: Subsequent Transaction


20/22

20

How Remote Storage and Hosted Acceptance Streamlines PCI Compliance

ByusingsecurestorageandhostedacceptancetacticsyoudramaticallystreamlinePCIcompliance.Completingtheself-assessment

questionnaire (SAQ) is reduced to a ew checkboxes, and noting that you comply with physical access control standards and maintain

an inormation security policy.

To review the SAQ A orm, or review additional inormation on PCI DSS compliance see the PCI Standards Council website a

www.pcisecuritystandards.org. Merchants accepting credit or debit card payments are required to be in compliance with the Payment

Card Industrys Data Security Standards (PCI DSS). The PCI DSS is a multi-aceted security standard that includes requirements o

security management, policies, procedures, network architecture, sotware design and other critical protective measures.


21/22

21

CyberSource ePayment Management Services

Resources&Solutions

To nd inormation on CyberSources industry leading risk

management solutions, sel-paced webinars on decision

management, and other whitepapers on electronic payment

management, visit our Resource Center at www.cybersource.

com. For sales assistance phone: 1-888-330-2300; or e-mail:

[email protected].

CyberSource ePayment ManagementSolutions

CyberSource oers a comprehensive portolio

o modular services and tools to help your

company manage your entire payment

pipeline to optimize sales results. All are

available via one connection to our web-

based services.

Payment Acceptance 190+ CountriesAccept payments worldwide using a merchant account

rom your preerred provider or CyberSource: worldwide

credit and debit cards, regional cards, direct debit, bank transers,

electronicchecksandalternativepaymenttypessuchasBillMe

Later and PayPal. CyberSource also provides proessional services

to help you integrate payment with ront-end and back-ofce

systems.

Risk Management/Order ScreeningFraud Management Portal. A hosted rules and case managementsystem that interaces with over 150 validation tests and services

including: multi-merchant transaction history checks, worldwide

delivery address and phone verication, IP geolocation, purchase

velocity, identity morphing and custom data rom your systems.

Managed Services. CyberSource provides client services to help

you analyze, design and manage your order screening and raud

detection processeseverything rom screening strategies and

risk threshold optimization analysis to ongoing monitoring, order

review and chargeback management. Our managed services

include business perormance guarantees.

Payer Authentication. Veried by Visa, MasterCard SecureCode.

Processing ManagementCyberSource processes your payments in our highly available

datacenterslocatedintheU.S.,Europe,andJapan.Alldatacenters

are certied PCI-compliant and include sophisticated processing

management logic to help prevent payment ailures and rate

downgrades.

Collection & ReconciliationA ull array o online and exportable payment reporting capability

is available to streamline reconciliation activity. Further, systems

can be installed to automate up to 90% o the tasks associated

with payment reconciliation and chargeback re-presentment.

3 Managed Services

2 Design & Installation

1 Systems & Services

PAYMENT SECURITY

Order

Screening

Collection&

Reconciliation

Global Payment

Acceptance

Processing

Management

L A S E R

B a nk

Tr a ns f e r

Direct

Debit

ORDER

t0OMJOF

t$BMM$FOUFS

t*73

t,JPTL

t104

t&31

8JUI1FSGPSNBODF

(VBSBOUFFT

Payment SecurityRemove Payment Data From Your Network. CyberSource provides secure

storage and hosted payment acceptance services that let you

process without storing or even transmitting payment data. A great

way to streamline PCI compliance and mitigate security risk.

Payment System Centralization. Our team o experts will help you

consolidate multiple payment systems into a single, easy to

manage system. Optionally, CyberSource will also host, support

and manage these systems in our secure datacenters.

PCI Planning & Remediation. CyberSource provides PCI compliance

consulting and remediation services, as well a complimentary PC

vulnerability scanning services to help you maintain compliance.

Proessional ServicesCyberSource maintains a team o experienced payment

consultants to assist with payment systems planning, system and

process design, and implementation and integration. Our client

services team is additionally available to help you monitor, tuneor ully outsource portions o your payment operations.


22/22

About CyberSource

CyberSource Corporation is a leading provider o electronic

payment, risk and security management solutions. CyberSource

provides payment management solutions or electronic

payments processed via Web, call center, kiosk, mobile and POS

environments. Services include hosted systems to help you

manage electronic payments, as well as proessional services

to help design, integrate and ully manage parts or all o your

payment operations. Over 200,000 businesses worldwide use

CyberSource solutions, including hal the companies comprising

the Dow Jones Industrial Average and leading Internet brands.

The company is headquartered in Mountain View, Caliornia, andhas sales and service ofces in Japan, the United Kingdom, and

other locations in the United States.

North America

CyberSource Corporation

1295 Charleston Road

Mountain View, CA 94043

T: 888.330.2300

T: 650.965.6000

F: 650.625.9145

Email:[email protected]

Europe

CyberSource Ltd.

The Waterront

300 Thames Valley Park Drive

Thames Valley Park

ReadingRG61PT

United Kingdom

T: +44 (0) 118.929.4840

F: +44 (0) 870.460.1931

Japan

CyberSource KK

3-11-11 Shibuya, Shibuya-ku

Tokyo, 150-0002 Japan

T: +81.3.5774.7733

F: +81.3.5774.7732

Email:[email protected]

For More Information

Call: 1.888.330.2300

Email: [email protected]

Visit: www.cybersource.com

Documents

Insider Guide to e Payment Management