Upload
bellaabells
View
217
Download
0
Embed Size (px)
Citation preview
7/30/2019 Insider Guide to e Payment Management
1/22
to ePayment Management
30 Tactics Leading Merchants Use to Capture Hidden Prots
7/30/2019 Insider Guide to e Payment Management
2/22
2
Global Payment Acceptance 4
Tactic #1: Oer 3 or more payment types 4
Tactic #2: Oer payment types preerred by U.S. consumers 5
Tactic #3: Oer payment types preerred by non-U.S. consumers 6
Tactic #4: Accept payment in local currency 7
Tactic #5: Merchandise payment types accepted 7Tactic #6: Calculate and display total price early in checkout process 7
Tactic #7: Implement global on-demand payment gateway 8
Tactic #8: Use stand-in domicile and regional/inter-regional vendors 8
Tactic #9: Consolidate payment transactions across CNP sales channels 8
Order Screening 9
Tactic #10: Supplement AVS results with other detectors 9
Tactic #11: Change how you use and position CVV 9
Tactic #12: Monitor order rejection rate & A/B test rules 9
Tactic #13: Examine your credit managers MBOs 10
Tactic #14: Use detection tools that span our dimensions o validation 10
Tactic #15: Implement card association payer authentication services 11
Tactic #16: Implement real-time denied parties screening 11
Tactic #17: Adopt 2 stage, business-user controlled automated screening 12
Tactic #18: Use a case management dashboard 13
Tactic #19: Measure and monitor total raud loss 13
Processing Management 14
Tactic #20: Authorize in real-time & prompt or alternative method 14Tactic #21: Account updater and re-try logic or subscription billing 14
Tactic #22: Transaction caching and alternative routing 14
Tactic #23: Keep authorizations resh and accurate 15
Tactic #24: Supply complete processing data 15
Collection & Reconciliation 16
Tactic #25: Challenge raud-related chargebacks 16
Tactic #26: Automate payment reconciliation 16
Payment Security 17Tactic #27: Merchandise payment security 17
Tactic #28: Centralize payment systems 18
Tactic #29: Eliminate payment data storage 19
Tactic #30: Push payment data capture to your service provider 19
CyberSource ePayment Management Services 21
CON
TENTS
7/30/2019 Insider Guide to e Payment Management
3/22
3
How much can ePayment Management impact your organizations prots?More than you might think. Our research and eld experience with many o the worlds leading online brands suggests actively
managing ePayments can deliver a combined cost savings and sales conversion increase equal to 5-8% o revenue or more. And, when
entering new markets, proper payment management has been demonstrated to yield up to a 15-20% dierence in revenue results. To
put this in context, many marketing departments work diligently to realize a 2-5% lit in conversion. Using this lens you can see that
payment isnt just a utility. Payment is a process that can be managed to yield a proound impact on business results. It has become an
area o strategic ocus or top management at leading organizations.
The best perorming online businesses embrace this view and manage payments as a complete end-to-end process, starting with
payment acceptance and order screening, and continuing on through processing, collection and reconciliation, with all unctions
enveloped by payment security and compliance considerations.
For additional inormation, whitepapers and webinars, or sales assistance:
Contact CyberSource:
1.888.330.2300 orwww.cybersource.com/contact_us
Resource Center:
www.cybersource.com/resources
This guide describes tactics you can use to capture hidden
prots in these ve key areas o ePayment operations. Tactics are
urther categorized into Revenue Liters and Cost Reducers.
They are derived rom merchant practices surveys (CyberSource
Payment Survey, CyberSource Fraud Survey), eld experience
with leading online and multi-channel merchants, and analysis
o industry data. You may have already implemented some o
these tactics, however it is likely youll nd at least a ew that can
measurably increase your revenues and/or reduce your costs. We
welcome your questions and will respond to your inquiries atwww.cybersource.com/contact_us.
Order RetainedProt
1. Global PaymentAcceptance
Merchant account and
processor connections.
5. Payment SecurityTransaction security and PCI compliance management
2. Order Screening
Fraud management.
Operations associated
with automated and
manual order review.
3. ProcessingManagement
Technology and
operations re: processing
integrity, interchange
management, payment
failure management.
4. Collection &Reconciliation
Chargeback
management and
payment reconciliation
operations.
ePayment Pipeline
7/30/2019 Insider Guide to e Payment Management
4/22
4
Revenue Liters
Tactic #1:Oer 3 or more payment types
Studies show merchants that oer 3 or more payment types realize a 14% lit in sales conversion over those that oer two or ewe
types. Note that types does not mean just multiple card brands, it means additional payment methods (cards, git cards, etc.).
Research among merchants and consumers supports this tactic. Larger merchants accept, on average, 3 payment types, while those
with lower sales volume accept, on average, less than three. Consumers indicate that, given equivalent product and price, accepting
the payment type they preer is a key inuencer in their purchase decision. Also, dierent demographic groups may tend towards
dierent payment options, and individual consumers may move among the payment options available to them depending on the type
o purchase, current available credit, etc.
0% 10% 20% 30% 40% 50% 60%
Accepts the payment method I want to use
Keeps my nancial information secure
Discount on next purchase
Oers PayPal or similar service
Double rewards points with store credit card
None of the above
Other
55%
54%
31%
17%
16%
8%
4%
I you had to choose between two websites that oered the same product at the same price,which o the reasons below would infuence your choice o where to buy? (Select all that apply.)
Source: JupiterResearch/PayPal survey, Jan. 2008, 2140 respondents to this question.
63%
TransactionCompletion
12 Methods 3+ Methods
72%
14% Lift in
Completed
Checkouts*
Payment Methods:
GeneralPurpose/BankCards
(Visa, MC, Amex, Discover etc.)
PrivateLabelCards
GiftCerticates/GiftCards
ElectronicChecks
SubscriptionBilling/Installmentpayments
InstantCredit(BillMeLater)
PayPalorothernon-cardpaymenttypes
* Percent o shopping carts started which are converted tosales. Source: CyberSource Merchant Survey
Oering 3+ Payment Methods Increases Conversion
Global Payment Acceptance
Global Payment Acceptance includes establishing merchant accounts, establishing connections tonecessary processors, integrating payment capability with customer-acing and back-end systems,and merchandising payment options to optimize payment mix and conversion.
7/30/2019 Insider Guide to e Payment Management
5/22
5
1CyberSource merchant survey 2FDC/Telecheck research
Tactic #2:Oer payment types preerred by U.S. consumers
U.S. consumers cite using these payment methods most requently to transact sales online (chart at let). While aggregate consumer
use oers a good rule-o-thumb, certain businesses optimize conversion with a dierent mix o options. Payment behavior diers with
purchase context: auction purchases, purchases at smaller businesses, and purchases transacted with larger merchants. For example
studiesshowonlinebusinesseswithannualsalesinexcessof$25MMacceptgiftcards,BillMeLaterandprivatelabelcardsatarate
higher than the overall merchant average (chart at right).
Source: Shop.org eHoliday Mood Study: Consumer Sur vey, conductedby BizRate Research, as cited in eMarketer 2007
Credit card
Debit card
PayPal
Gift cards/certicate redeemed online
Bill Me Later
Private label store credit card
Pay by check or money order
Loyalty/membership program points redeemed online
Google Checkout
79.7%
38.2%
32.8%
9.1%
8.6%
6.3%
6.1%
4.3%
2.5%
100%
95%
29%
33%
43%
25%
23%
20%
26%
13%
26%
9%
2%
7%
1%
1%
Credit/Debit cards
PayPal
Gift cards/Certicates
Electronic checksor ACH payments
Bill Me Later
Private label card
Google Checkout
Mobile Payments
Large Merchants
All Merchants
Source: CyberSource Merchant Survey
REVIEW OF U.S. PAYMENT OPTIONSIn addition to credit cards, you may wish to accept one or more o the ollowing to help lit conversion.They are listed in order by the incidence o support reported in our annual raud survey.
Debit CardsDebit card usage is becoming increasingly popular among consumers. In the o-line world,debit card usage has exceeded credit card usage since 2005. There are two types o debitcard transactions:
Card Association-branded Check Cards (e.g. check cards bearing the Visa or MasterCardlogo). These cards are processed identically to a credit card transaction (and are processedover the same credit card processing network), but may be processed at a lower interchangerate. Note that although unds are removed rom your customers account almost instantly,your bank account is unded in the same timerame as with credit card transactions.
PIN-less Debit. Merchants/businesses in select industries are able to accept Visa/MasterCard-branded debit cards and ATM debit cards online (without a PIN) and processthe transaction directly over the debit networks (STAR, PULSE, NYCE). Since thesetransactions bypass Visa/MasterCard processing networks, savings on interchange orthese transactions can be 23-65% or more compared to a credit card transaction. I yourorganization is in one o the ollowing industries, you should encourage payment viadebit card: utilities, insurance, telecommunications, cable providers, fnancial institutions,educational institutions and government agencies.
PayPalApproximately one out o three online merchants oer PayPal1. In 2007 PayPal reported 164million accounts and $2 billion in stored balances. Consumer adoption o PayPal as an onlinepayment method continues to grow. PayPal reports that the average increase in sales, due toadding PayPal or small and medium size online merchants is 14%.
Gift CardsOne out o our online merchants currently accept git cards or online git certifcatesI your organization does not accept this payment method you are unquestionablybypassing some revenue. During the holidays over 60% o online shoppers purchase gicards or certifcates online.
Bill Me LaterOur research indicates that one out o our large online merchants now support Bill Me Lateand overall one out o eight online merchants oer the payment method. Bill Me Latereports their merchants experience 25-150% increases in average order values as well as46% greater repeat use. Invoicing and instant credit (extending credit just or the value othe purchase via real-time credit evaluation) can address potential customers who do nothave credit cards, are araid to use credit cards online, or who do not have a credit card athand when making a last minute or impulse buy online. Services such as Bill Me Later work
like a credit card (except that there is n o plastic card involved), allowing th e shopper to payin ull or by installments over time.
Electronic Checks / ACHOne out o fve online merchants accept electronic checks. Accepting checks online canexpand sales by reaching out to households and shoppers who do not have credit cardsor do not want to provide credit card inormation online. Electronic checks can include aguaranteed payment option where payment risk is passed to a third party authorizer. Alsounlike credit cards, merchants can wait or payment settlement with electronic checkbeore shipping goods to customers. In 2007, online ACH (electronic check) volume grewby 27%, reaching 1.74 billion transactions. Companies selling online who implemenelectronic checks typically see 3-8% o their sales coming through checks, with at leashal o that representing sales they would have otherwise lost. Some companies haveseen even larger increases2.
Payment Methods to be Used or OnlineHoliday Shopping according to U.S.Consumers (% o respondents)
Online Payment Methods Supported byU.S. Merchants
7/30/2019 Insider Guide to e Payment Management
6/22
6
Payment Preerences by Market
% o consumers citing specifed payment type as the one they preer or online payments
Credit Card Debit CardBank Transferor Direct Debit COD
ConvenienceStore PayPal
North America
Canada
United States
Latin America
Brazil
Mexico
Western Europe
France
Germany
Italy
Netherlands
Spain
Sweden
UK
Asia/Pacific
Australia
China
India
Japan
Korea
Singapore
Source: Bank o International Payments (Geneva); eMarketer/AC Nielsen; China Internet Network Inormation Center; Ministry o Public
Management, Home Aairs, Posts and Telecommunications-Japan
50% 2049% 519% < 5%
% o consumers citing use o this payment option
when shopping online during last 12 months:
Tactic #3: Oer payment types preerred by non-U.S. consumers
Supporting local payment types in international markets has been seen to lit sales 200% or more as compared to oering only standard
card payment options. Research shows that 60% o American and Canadian online merchants accept orders rom outside the U.S. and
Canada. For these merchants, international sales account or an average 18% o their orders. However, less than 30% o those accept
local payment types. This is a signicant missed opportunity.
Oeringcountryspecicpaymentmethodssuchasconsumerpushpayments:banktransfers(eg.Giros),merchantpullpayments:
directbankdebits(e.g.theELVsysteminGermany),andcountryspecicconsumercredit/debitcards:Dankort;CartaSi;CarteBleue
etc. can signicantly increase sales by acilitating purchases rom all online consumers in those countries. The table below illustratespayment preerences in various markets. CyberSource suggests you veriy preerences prior to implementing your payment strategy.
7/30/2019 Insider Guide to e Payment Management
7/22
73FutureNowRetail Customer Experience Study4RightNow Technologies & YouGov Research
Tactic #4:Accept payment in local currency
To maximize the order conversion benets o supporting local payment options conside
presenting customer pricing in local currency, as this can have a signicant impact on
sales. Multi-currency or dynamic currency conversion services are available that allow
your customers to pay in their local currency while ensuring youre paid U.S. dollars o
other desired settlement currencies.
Tactic #6:Calculate and display total price early in checkout process
According toKen Burke, author ofIntelligent Selling,the Art and ScienceofSelling
Online, ailure to communicate total purchase price up ront leads to shopping cart
abandonment. Typically these additional costs involve shipping and tax calculations. A
study o 300 top retail web sites ound that only 42% provided shipping costs early in
the checkout process3. A survey o UK online shoppers ound that 16% abandoned thei
purchase because they ound it difcult to locate inormation on shipping costs4. Leading
merchants are reducing abandonment by calculating sales taxes in real time during thecheckout process, combining them with shipping and handling charges, and presenting
the total amount customers are required to pay early in the process.
Note: There are more than 60,000 tax jurisdictions in the U.S. and Canada and approxi
mately 100 Value Added Tax (VAT) systems worldwide. Companies with a legal nexus in a
U.S. state are required to collect sales taxes or online sales made to customers residing in
thatstate.CompaniesdeliveringdigitalgoodsorservicesonlineintotheEuropeanUnion
arerequiredtoregisterandpayVATontheirEUsalesiftheirsalesexceedcertainthresh
olds.Giventhenumberofproductstaxed,dierentexemptionsbyjurisdictionsandthe
largenumberofjurisdictions,taxratesareconstantlychanging.Bestpracticeistousea
real-time dynamic system to correctly calculate tax liability prior to checkout.
26%
Prior to
Checkout
DuringCheckout
Other /Dont Know
Not aConsideration
26% o Shoppers Consider PaymentOptions Prior to Checkout
Source: 2008 Jupiter Research/PayPal survey
Tactic #5:Merchandise payment typesaccepted
In order to maximize the conversion
uplit rom oering a wide variety o
payment choices, leading merchants
overtly promote the payment types they
accept. Just as brick and mortar stores
advertise payment types they accept
on their doors and at their checkoutcounters, it is important or online
merchants to prominently display the
payment types they accept on their
website prior to checkout. According to
Jupiter Research, many consumers make
purchase and payment method decisions
prior to checkout. 26% o online shoppers
considered their payment method choice
beore going to the checkout page.
7/30/2019 Insider Guide to e Payment Management
8/22
8
Tactic #8:Use stand-in domicile and regional/inter-regional vendors
Some local payment types require legal presence in a country or may be provided at lower
cost to merchants who are legally domiciled in those countries. Local domicile is typically
required or direct debit and bank transer payments. To get to market aster and minimize
entry cost, savvy merchants work with vendors who provide stand-in domicile or direct
debit and bank transer payments, thus alleviating the need to establish independent
domicile which can take several months. Note that merchants themselves must also
establish domicile in-country or region to qualiy or local or regional interchange ratesor general purpose card processing.
Cost Savers
Tactic #7:Implement global on-demand payment gateway
Many o the most experienced merchants are reducing operations and acceptance costs
by adopting an on-demand payment gateway structure. These merchants who have
more experience with payment type additions, domestic or global, are actively migrating
rom direct-to-processor connection models, to one o leveraging global gateway
inrastructures. They cite the advantages o managing less payment inrastructure 24/7,
while gaining aster access to new markets and payment types. Further, these merchants
usesuch a structure toachievebestrate processing. Byestablishinganon-demand
processing inrastructure they have removed the barriers to switching providers
because the integration is not tied to a specic processor, a merchant account can be
easily changed, giving them the ability to switch vendors almost overnight. This increases
price competition (in terms o price and overall value oered) since the cost o alternative
integration and re-connection has been removed. Such a payment gateway structure
also consolidates and standardizes payment data, making it easier to manage and
optimize operations ollowing payment acceptance. This includes: raud management,
reconciliation and chargeback management.
Tactic #9:Consolidate payment transactions across CNP sales channels
I you have multiple sales channels or web stores accepting card not present (CNP
transactions with separate merchant accounts or merchant account providers it may
be benecial to consolidate volumes to take advantage o volume discounts. Paymen
consolidation may also acilitate the reconciliation process and decrease the time and
costs o reconciling payments received to original sales. Centralizing payment data can
also lower the cost o compliance with industry data security requirements.
7/30/2019 Insider Guide to e Payment Management
9/22
95CyberSource Online Fraud Report
CyberSource research indicates lack o optimization results in costs that include not only raud losses, but also valid order rejection,
increased cost o sales, reduced scalability, and shipping delays. The combination o these inefciencies typically results in prot drag
being triggered by 20-50% o incoming ordersplus some impact to customer satisaction.
Revenue Liters
Studies show that, on average, merchants are declining 4 or more orders due to suspicion o raud or every raudulent order they
actually incur. Merchants that actively manage their screening process oten nd that 15-20% or more o the orders they have declined
are in act valid. Though many tactics associated with raud management can aect both revenue and cost, the ones noted below are
consistently employed by merchants to reduce valid order rejection.
Tactic #10:Supplement AVS results with other detectors
AVS (Address Verication Service provided in the U.S. as a standard
part o the card authorization service) is valuable as one datapoint
or evaluation, but not as an absolute determinant o order validity.
Our research shows that, out o one million transactions processed,
160,000 valid orders would be rejected i merchants accept the
order based solely on a ull or partial AVS match. I acceptance
criteria are urther tightened to require ull AVS match, valid order
rejection is as high as 20%. Note: AVS inormation is requently
known by raudsters and is thereore equally not a reliable single
detector.Even ifyoumanually reviewordersrejectedbasedon
AVS results, sole reliance on AVS needlessly increases manual
review rates which increases cost o sales and impacts customer
satisaction. Using the our dimensions o tools noted in the cost
savings portion o this section can also help identiy and convert
more valid orders.
Tactic #11:Change how you use and position CVV
Use o CVV (Card Verication Value, aka CVV2, CIDthe additiona
three digit verication number printed on the credit card)
provides a meaningul lit to raud detection. However, similar to
AVS, reliance on this actor can also result in meaningul levels o
valid order rejection(about15,000orderspermillion).Because
customers may at nger data input, or the number may be worn
o the card, the best merchants choose to use this as one acto
in detection, but not an absolute test o validity. Merchants have
also cited cases o customers abandoning orders because o CVV
being smeared or worn-o the card and unable to be input. As a
result they have positioned CVV as a way to speed order approva
and encourage its input, but no longer deny orders solely on this
actor. Also, like AVS, raudsters may have complete inormation
including CVV.
Tactic #12: Monitor order rejection rate & A/B test rules
While it is difcult to measure the number o valid orders rejected due to suspicion o raud, an order rejection rate above the current 4%
overall average5 or U.S. and Canadian online merchants may indicate you are turning away good customers. Within specic categories
like consumer electronics, we have seen that the top perorming merchants can achieve order rejection rates o 2% or lesshal that o
their competitorswhile still controlling payment raud loss to industry norms or lower. To estimate valid order rejection levels you can
implementanA/Btestonordersyoureject,allowingasmallrandomsampleofrejectedorderstobeprocessedandcloselymonitoring
the payment raud rate or those orders. Valid order rejection can also be estimated via modeling. For merchants who already have a
reasonable control on raud, urther reducing the raudulent order rate (raud chargebacks) may yield a ew tens o basis points o cost
savings, while reducing order rejection rates rom 4% to 2% and maintaining raud loss rates can have a positive impact on top line
revenues which is several times larger.
Order Screening
This payment pipeline stage addresses the optimization o your raud screening and manual order reviewoperations across payment types and markets. The best merchants employ a process o automatedscreening using multiple detection tools and a common rules system, ollowed by manual review oorders outsorted in the automated process using a case management system. These merchants alsomanage a closed-loop process where chargeback and raud data is constantly ed into rule, detectionand manual review operations to tune systems and policies or maximum protability.
7/30/2019 Insider Guide to e Payment Management
10/22
10
Tactic #13: Examine your credit managers MBOs
It is important to remember the tradeo just coveredoten more prot is gained by liting order acceptance than urther reducing the
chargeback rate. Is your credit manager pressured to continuously reduce chargebacks? I so, rules and policies or order acceptance
may lean toward manual review and mitigating acceptance riskresulting in increased cost o sales and valid order rejection. The bes
merchantsalignnanceandsalesMBOstooptimizeprot.RiskMBOsarere-writtentofocuseitheronascienticallycalculatedbalance
pointbetweensalesopportunitycost,reviewcostandfraudloss;or,annuallysettoanagreedrateoffraudacceptancesuchthatfraud
is controlled but not viewed as a metric that should be driven down urther without re-assessing overall prot impact.
Cost Savers
Costs in this area are driven by raud lossa result o ineective screeningand manual review, which increases cost o sales and
constrains scalability. Increasing raud screening automation, reducing the share o orders outsorted or manual review, and increasing
reviewer productivity are all ways to reduce the cost o order screening. On average, about three out o our orders sent to manua
review are ultimately accepted, which points to the opportunity or better automated screening. Also, or some merchants it may be
easible to implement screening services that shit raud liability back to the issuing bank. Here are some o the key tactics the best
merchants employ to achieve eective raud screening.
Tactic #14: Use detection tools that span ourdimensions o validation
Our studies show merchants continue to increase the number o detection
tools they use to screen orders or payment raud. Currently the average
number o tools merchants deploy is over 5 tools. Merchants having
higher annual sales volume use 7 or more tools. However, the dierence
in merchant perormance is not just the number o tools. Statistically, the
best merchants are twice as likely to use tools and rules that span our
dimensions o validation that eectively box raudsters inleaving them
very little opportunity to present a perectly unique identity like that o
an honest customer. In contrast, the average merchant typically uses only
one or two o these tool dimensions. This our dimension approach not
only controls costs by detecting raud more accurately, but can also reduce
valid order rejection because more angles o validity can be applied. Do
you use tools in each o these areas?
Global Validation Services
Detectors in this category include the services that accompany U.S. card authorization (AVS, CVV), card association authentication
services like Veried by Visa and MasterCard SecureCode, as well as other validation databases such as those or delivery address
validation and telephone number validation. This is the most common category o detection tool usage and both best and average
merchants use these tools with nearly equal requency.
Single Merchant Purchase History
These detectors and rules evaluate orders based on single-merchant experience and insight. They include methods o evaluating
purchase velocity (number or value o orders within a certain timerame), placement o customers on negative or positive lists based
on order history, and use o other customer data known to the merchant that aids in validation.
Multi-Merchant Purchase History
Bygaininginsighttopurchaserbehavioracrossmultiplemerchants,risksystemscandetectidentitymorphing,combinationsofactivity
that signal increased raud risk, and purchase velocity on a wider scale (raudsters rarely limit behavior to a single merchant).
Purchase Device Tracing
The prevalence o identity thet has made it relatively easy or raudsters to submit orders with valid payment, shipping and billing
inormation, and thus spoo many o the available validation services. Today raudulent orders are highly camouaged and in many
cases look like valid orders. Research indicates increasing adoption o purchase device tracing detectors such as IP geolocation and
device ngerprinting. These can determine i the point o order origination is congruent with other address inormation, and i multiple
orders, having dierent purchase identities, are originating rom the same purchase device. These two raud tools rank among the top
three planned or adoption by larger Internet merchants.
Global ValidationServices
AVS, CVV (card brand services) Veried by Visa, MasterCard
SecureCode
Telephone/address validation
U.S. export compli-ance/DPL lists
Single MerchantPurchase History
Purchase velocity Positive/negative list
Other customer data
Multi-MerchantPurchase History Global purchase velocity
Identity morphing
Neural net modeling/score
FourDimensions
BoxFraudsters in
Purchase DeviceTracing Device ngerprinting
IP geolocation
7/30/2019 Insider Guide to e Payment Management
11/22
11
QuovasGeoPointmapsthelocationofover1.7billionassignableIP addressesonthe
Internet. According to Quova, adding IP address evaluation to order screening can
prevent an additional 70% o raud that would otherwise not be detected. Quovas
GeoPointisintegratedinCyberSourcesfraudmanagementportalalongwithotherthird
party services.
Device ngerprinting examines hardware and sotware characteristics o an Internet
device that are publicly exposed during the transaction, and creates a unique prole
o that device. This prole can then be used to correlate the consistency o identity
inormation originating rom that device. Note that in some markets, such as India,
consumers more commonly share computers and credit cards. Use and weight o device
tracing results must be tuned by market to render reliable results.
Tactic #15: Implement card association payer authenticationservices
A raud protection tool oered by the card associations involves cardholders
authenticating themselves online by entering a password during the checkout process.
These payer authentication services go by brand names including Veried by Visa,
MasterCardSecureCode,andJCBJ/Secure.Thecardassociationsprovideaninterchange
rate incentive or companies who implement and use these systems. More importantly,companies who use these payer authentication systems can oten shit the liability
or raudulent transactions back to the issuing bank. Some companies implementing
authentication systems nd that the liability insurance derived rom these solutions can
pay or the implementation costs in just a ew months o use due to lower interchange rates
and shiting the cost o raudulent charges to the card issuing banks. Note: MasterCard
SecureCodeisrequiredtoacceptMaestropaymentsinEurope.
We have seen that, because authentication adds a step to the checkout process, adoption
o these services varies by industry and product category. Currently, payer authentication
has enjoyed higher adoption in industries and product categories that cannot be as easily
cross-shopped or switched, such as airline ticketing. Note: These services have changed
dramatically rom their initial introduction. They now support an in-line authentication
prompt (vs. separate pop-up window) which better integrates with a merchants
checkout process and minimizes concerns over transaction suspension/abandonment.
Lost or orgotten passwords are no longer dead ends or consumers. They are simply re-
authenticated right on the spot.
Tactic #16: Implement real-time denied parties screening
I you accept orders rom outside the U.S. then you must comply with U.S. laws that
prohibit sales o goods or services to certain individuals or countries. I you extend credit
(e.g. installment payments) then domestic transactions also all within the scope o theseprohibitions. There are multiple lists o denied parties which are continuously updated by
several government agencies. Civil and criminal penalties can be imposed or violations (see
U.S. Treasury OFAC publication or more details regarding penalties and the U.S. Commerce
DepartmentBureauofIndustry&Securityforexportviolations).Stayingup-to-datewith
changes to these lists is possible via automated real-time services that monitor these lists
and check or compliance.
7/30/2019 Insider Guide to e Payment Management
12/22
12
Tactic #17: Adopt 2 stage, business-user controlled automated screening
Surveys show the best merchants are twice as likely as the average merchant to employ an automated decision system with a business
user console interace. These systems take the results and inormation produced by raud detection tools and, according to rules dened
by business managers or that product or product category, categorize the order or acceptance, rejection, or suspension or urther
review. Some systems include the ability to test rule impact beore placing them into production (running them in the background on
live orders). This permits assessment o rule impact on review rates and rejection rates to allow or urther tuning prior to actual use.
ORDERS
TEST MODE
LIVE MODE
1st StageAutomated
Screen
Business User Controlled
Automated Screening Rules
Manual
Review
Accept RejectAccept Reject
Review
Review
Accept/Reject
1
2nd Stage
Automated
Screen
2
3
2 Stage Automated Screening Process
Merchants using these systems cite aster response time to
raud trends, more accurate detection (and acceptance) and less
dependence on scarce IT resources. In addition, these systems
appear to oster scalability. Most online merchants manually
review a high percentage o incoming orders. Depending on
revenues, the average share o orders outsorted or manual review
can be as low as 15% to as high as 45% o total orders. As order
volume grows, merchants ace the prospect o adding additional
manual review sta or improving their automated order screening
process to manage the higher volume o sales. A business-user
controllable decision system is usually the component that makes
this leap in efciency possible.
An emerging tactic is to implement two stages o automated
screening prior to manual review. The rst is designed to use
detectors across the our dimensions o validation discussed
earlier. The second acts on outsorted orders meeting a certain
prole, employing detectors that may be too costly to use or al
orders. Using this strategy merchants are sending ewer orders to
manual review and thus increasing their ability to support greate
overall order volume with the same raud team.
7/30/2019 Insider Guide to e Payment Management
13/22
13
Device Fingerprint
Reviewers quickly see why order
was suspended for review
Reviewers actions logged and noted
Order data
Additional observations about
the order to aid review
Search by Name, eMail, IP Address,
Device Fingerprint, Account Number,
Shipping Address
Tactic #18: Use a case management dashboard
According to our research, over 50% o order screening costs
come exclusively rom stafng manual review operations, and
that rate continues to rise (expenditures on manual review sta
increased by 34% in 2007 over 2006). This creates a signicant
drag on scalability and ability to reduce cost o sales. The best
merchants are proactively addressing this trend via automated
screening enhancements and improvements that increase theproductivity o their review sta once an order is suspended or
manual review.
To increase productivity and the eectiveness o manual review,
the best merchants have adopted, at a rate nearly twice that o the
average merchant, a case management dashboard that presents
reasons or order suspension and all relevant order data on one
screen. Look to adopt systems that include additional workow
optimization eatures such as access to credit bureau inormation
rom within the dashboard and the ability to route cases based
on reviewer expertise.
52%
ReviewSta Cost
46% ofBudget
2006 2007
34% Growth in
Total $ Spent
FraudManagementSpending$
Review Sta Costs Consume LargerShareofBudget
Source: CyberSource Online Fraud Report
Case Review Screen
Tactic #19: Measure and monitor total raud loss
You cant optimize prots i you arent managing your costsin this case, the ull cost o raud loss. Our studies across hundreds o
mid-to large-sized merchants show that chargebacks account or only a portion o total raud loss (about 50%). The remainder take the
orm o reversals or credits issued directly to customers contacting your customer service centera chargeback is never initiated. I you
dont track this today, start working with your call center to gain visibility into credits issued due to raud and how that data can be ed
back into your raud management process to better automate and tune your systems.
7/30/2019 Insider Guide to e Payment Management
14/22
14
Processing Management
The way payments are processed ollowing acceptance and screening can impact costs andrevenue capture up to 10%. Key considerations include payment ailure management andmanaging interchange.
Revenue Liters
On average, 5-7% o payment authorization requests are declined. Approximately 20% o these
ailures (1.2% o all transactions) are temporary ailures, resulting rom the purchaser being at his
or her credit limit (but may have credit or cash available on alternatives), incorrect data input, o
a condition that can be reversed i the payment is re-tried within a brie period o time. Actively
addressing these conditions can help increase conversion and lit subscription retention.
Tactic #20:Authorize in real-time & prompt or alternative method
Batchprocessingexposesyoutolosingthe1.2%oftransactionsthatfailduetoconditionsthatcan be recovered i handled in real-time. The best merchants process in real-time and prompt or
authorization re-try (re-entry o payment data) i the processor decline is o a type that might reect
innocent data entry error on the part o the consumer. Similarly, i declined or insufcient unds, best
practice is to prompt or an alternative payment method rather than lose the order.
Tactic #21:Account updater and re-try logic or subscription billing
Statistics indicate up to 15% o subscriptions, i let unmanaged, risk termination due to temporary
payment ailures and attempts to bill against expired cards. Obviously no merchant leaves this
completely unmanaged. However, any payment ailure triggers action by your customer or custome
service representative. That ultimately shines light on the subscription which subjects it to termination
risk.Bestpracticesmerchantsimplementre-try logic (initiatingauthorizationattemptsatoptima
intervals ollowing the initial attempt) and account updater services to optimize retention. Accoun
updater services provided by the card associations automatically update accounts on record with
new inormation (account number and expiration date) when cardholder inormation is modied
You must work with your acquirer and processor to establish account updater services.
Tactic #22:Transaction caching and alternative routing
Todays payment systems are reliable, but occasionally processor systems are unavailable or Interne
routes to processors temporarily ail. The most sophisticated merchants have implemented exible
payment capabilities (systems and merchant account relationships) that allow them to re-route
payment requests to alternative processors, or cache and batch payment transactions or later
submission to avoid lost sales.
7/30/2019 Insider Guide to e Payment Management
15/22
15
Cost Savers
The best opportunity or cost reduction is active management o the actors that aect interchange rates (the
rate charged by the card association and your merchant account holder). Approximately 5% o transactions are
downgraded due to actors under the merchants control. The cost o interchange downgrades varies widely
depending on transaction details but can range rom an additional 0.45-2% o the total transaction amount.
Here are tactics you can use to reduce processing costs.
Tactic #23: Keep authorizations resh and accurateDowngrades oten occur due to authorizations being stale or a mismatch between the authorization amount
and the capture amount. Merchants who aggressively manage interchange use vendors or implement logic that
automatically rereshes the authorization and ensures synchronization between the authorization and capture
amount.Examples:
Intheeventofasplitshipment(onlypartoftheorderisshippedandbilledduetoinventoryconditions)a
resh authorization, i needed, is obtained or each capture submitted to ulll the order, to thereby ensure
that each captured transaction has a resh authorization and that the authorization and capture amounts
always match.
IfcaptureisrequestedagainstanauthorizationthatisolderthanXdays,afreshauthorizationisobtained
(the number o days varies by card brand, or example Visa is 7 days or eCommerce transactions).
Tactic #24: Supply complete processing data
To avoid downgrades, ensure you are passing all the data required to qualiy or the best rate. For example:
PasseCommerceMOTO/ECIindicatorforVisa,theBanknetRef#orauthorizationdateforMasterCard
SubmitbillingaddressinformationandrunAVS
PasscompletedataforLevel2cardprocessing(seerepresentativesamplebelow)
PasscompletedataforLevel3cardprocessing(seerepresentativesamplebelow)
DataRequiredtoQualifyforBestInterchangeRateon Corporate Purchasing Cards
Level III
1. Standard Transaction Detail
2. Tax Amount
3. Purchase Order Number
4. Order Level Data
ShippingAmount
DestinationZip
DestinationCountry5. Item Level Detail
ProductDescription
ProductCode
CommodityCode
Quantity
UnitofMeasure
UnitCost
LineItemTotal
DiscountAmount
Level II
1. Standard Transaction Detail
2. Tax Amount
3. Purchase Order Number
7/30/2019 Insider Guide to e Payment Management
16/22
16
Revenue Liters
Tactic #25: Challenge raud-related chargebacks
I youre not challenging chargebacks, youre likely missing a quick and eective way o adding
revenue and reducing costs. Research shows, on average, merchants win 40% o the raud-related
chargebacks they challenge, resulting in net recovery o 28% o all raud-related chargebacks
received. O course, experience varies by merchant and by type o goods sold, e.g. digital merchants
can nd it more challenging to prove delivery/fulllment. But the opportunity is well worth
investigating, both in your internal process and in your work with solution partners.
Collection & Reconciliation
This stage addresses optimization o your chargeback/re-presentment and payment reconcilia-tion operations. As merchants add more payment types, serve more markets, and use more pro-cessors, collection and reconciliation operations become increasingly complex and expensiveSavvy merchants are actively managing these operations to increase revenue capture and scaleoperations with less cost and complexity.
One out o Four Fraud Chargebacks Can be Recovered
Win Rate Net Recovery Rate
On average, merchants win 40% of
chargebacks challenged.
* Net Recovery Rate is expressed as a %
of all fraud-coded chargebacks received.
40%Re-presentments
Won
28%Chargebacks
Recovered
Source: CyberSource Online Fraud Report
Cost Savers
Tactic #26: Automate payment reconciliation
As you add payment types and currencies, reconciliation becomes increasingly complex and a
actor in your organizations ability to grow. In act, some merchants operating globally have policies
requiring that any payment type supported must be capable o automated reconciliation. Whats
the gain? Up to 90% o reconciliation operations can be automated by tying order data to payment
reports via unique payment transaction IDs. Some, but not all processors provide electronic data
eeds that can be used to automate reconciliation. Check with your processor or payment vendor to
determine availability.
7/30/2019 Insider Guide to e Payment Management
17/22
176Forrester Research Survey7ScanAlert/Petco Study
Payment Security
In todays world payment security is not just overhead or a PCI compliance issue, its a way olie. It has become a component o brand image and reputation. Online merchandising expertsnow highlight it as a key actor in sales conversion (checkout process). The best merchants capi-talize on this dynamic, and are employing speciic strategies to minimize the cost o maintainingpayment security in the process. Heres how you can do it.
Revenue Liters
Consumers are increasingly concerned about the saety and privacy o their payment data. The leading reason Internet
users cited or not shopping online is concern about giving credit card inormation over the Internet 6. The chart below
highlights the relative importance o things buyers consider when assessing online shopping security. The signal is clear.
You have the opportunity to build trust and lit conversion by merchandising payment security.
Concern Overall Canada France Germany Japan UK US
Familiarity with the onlinevendor or brand name
recognition
70.8% 80.5% 58.7% 74.8% 47.6% 83.1% 81.0%
Security lock symbol 70.6% 70.6% 84.8% 58.3% 49.2% 81.3% 79.5%
Certiication (e.g., BBB,
Verisign, or TRUSTe)53.9% 62.2% 50.5% 48.9% 36.4% 57.3% 68.2%
A smooth and easy checkout
process43.6% 41.9% 46.5% 36.2% 22.5% 59.7% 55.0%
URLs that have https or
shttps in the address39.4% 35.2% 43.9% 40.6% 23.8% 45.8% 47.5%
Source: Webroot Online Shopping Survey, October 2007 (N=3626)
Tactic #27: Merchandise payment security
Merchandising your payment security practices can lit conversion 4-32% 7. Also, the specic placement o the trustmark
(orsecuritymessage)furtherimpactslift.A/Btestingshowsthatthemoreprominentthemarkormessage,thegreaterthe
conversion impact.
+1.76% +6.3% +8.8%
BRAND
Trust
BRAND
Trust
BRAND
Trust
Trustmark Placement Impacts Sales Lit
Source: ScanAlert/Petco Study
Itisimportanttorememberthatshoppersenteryoursiteatmanypointsnotjustyourhomepage.Becausethebuying
process starts immediately, best practice is to merchandise payment security not just at checkout, but also within the
context o each page and at other key interaction points: email signup, registration pages, and privacy policy pages.
Secure Site Indicators (Percent o online shoppers who look or these indications o shopping security)
7/30/2019 Insider Guide to e Payment Management
18/22
188Ponemon Institute survey
Cost Savers
What does it cost to maintain security? It is estimated that the cost o a stolen customer record is
$1978. Multiply that by tens or hundreds o thousands o customer records and the nancial liability
is clear. More importantly, the cost to your brandloss o trustis even more signicant and harder
to recover. So, how do you maintain payment security at minimum cost? Previous practice has been
to identiy where payment data is stored, processed or transmitted and lock it down wherever it
mightreside.Emergingpracticeadoptsadierentfocus:centralizeandgetthedataout.
Tactic #28: Centralize payment systems
Leading merchants are centralizing payment systems across channels to minimize the number o
places payment data is stored, processed and transmitted. Doing so will enable you to ocus eorts
on securing the ew remaining places data is present. In this model, multiple payment channels are
enabled by a single, underlying system that supports processing, order screening and reconciliation
management across the payment channels. Remote secure data storage and hosted acceptance
(discussed in the ollowing tactics) are also compatible with this approach (a representative
architecture is shown below).
Management &AdministrationInterfaces
Centralized Payment Management
Processors
&Banks
Worldwide
PrimaryProcessor
Workow Engine
InternalSystems
Integration
PrimaryGateway
Integration
OtherProcessor
Integrations
AutomatedReconciliation
System
Remote PaymentData Storage
HostedForm/Fields
(Option)Payment
Info
POS/Kiosk
PaymentInfo
Call Center
Sales Channels
Merchant Systems
PaymentInfo
Web
Centralized Payment Management Architecture
7/30/2019 Insider Guide to e Payment Management
19/22
19
Tactic #29: Eliminate payment data storage
New philosophy: why accept the cost and risk to secure it, when you can get rid o it? Weve seen mid-sized, as well as multi-billion
dollar global merchants adopt systems and policies to rid their environment o payment data storage. Using this approach, payment
data storage is outsourced to a PCI DSS compliant payment supplier (ideally with PA DSS certication or the secure storage application
as well). The costs o securing data can be reduced in an outsource model since the overhead costs o data security are spread acros
many merchants.
In this model, instead o storing payment inormation on your companys systems, it is stored in PCI-compliant data centers residing
within the domain o the banking and processing network. Your order management system transmits the customers paymeninormation to the banking network at the time o initial payment acceptance. Your systems then receive the response along with a
payment token that can be used to reerence that transaction or any uture billing actions (credits, reunds, subscription billing, one-
click-buy models, etc.). Thus, all payment data is stored on banking and processing network systems. Your company stores only a secure
token that is useless to hackers or employees.
Tactic #30: Push payment data capture to your ser vice provider
To urther mitigate security risk, merchants are completely eliminating payment data contact with their systems by outsourcing
acceptance. You can use a PCI-compliant payment services supplier to host the payment data elds that appear on your checkout page
This can be implemented as an iFrame within your checkout page, or a ully hosted page. Using this approach your company neithe
handles nor stores payment data, thereby eliminating the burden and most o the costs o payment data security management.
PAY
32
41 Result &Token
AccountCreated &
Data Stored
Result(Auth=Y)(Auth=N)
Etc.
PaymentInfo
######
PaymentInfo
######
Payment Network
PaymentData
RemoteStorage
Corporate Systems
5
PAY
32
41 Result &Token
Data Stored
Result(Auth=Y)(Auth=N)
Etc.
PaymentInfo
######
PaymentToken
PaymentData
RemoteStorage
5
Secure Storage: Initial Transaction Secure Storage: Subsequent Transaction
7/30/2019 Insider Guide to e Payment Management
20/22
20
How Remote Storage and Hosted Acceptance Streamlines PCI Compliance
ByusingsecurestorageandhostedacceptancetacticsyoudramaticallystreamlinePCIcompliance.Completingtheself-assessment
questionnaire (SAQ) is reduced to a ew checkboxes, and noting that you comply with physical access control standards and maintain
an inormation security policy.
To review the SAQ A orm, or review additional inormation on PCI DSS compliance see the PCI Standards Council website a
www.pcisecuritystandards.org. Merchants accepting credit or debit card payments are required to be in compliance with the Payment
Card Industrys Data Security Standards (PCI DSS). The PCI DSS is a multi-aceted security standard that includes requirements o
security management, policies, procedures, network architecture, sotware design and other critical protective measures.
7/30/2019 Insider Guide to e Payment Management
21/22
21
CyberSource ePayment Management Services
Resources&Solutions
To nd inormation on CyberSources industry leading risk
management solutions, sel-paced webinars on decision
management, and other whitepapers on electronic payment
management, visit our Resource Center at www.cybersource.
com. For sales assistance phone: 1-888-330-2300; or e-mail:
CyberSource ePayment ManagementSolutions
CyberSource oers a comprehensive portolio
o modular services and tools to help your
company manage your entire payment
pipeline to optimize sales results. All are
available via one connection to our web-
based services.
Payment Acceptance 190+ CountriesAccept payments worldwide using a merchant account
rom your preerred provider or CyberSource: worldwide
credit and debit cards, regional cards, direct debit, bank transers,
electronicchecksandalternativepaymenttypessuchasBillMe
Later and PayPal. CyberSource also provides proessional services
to help you integrate payment with ront-end and back-ofce
systems.
Risk Management/Order ScreeningFraud Management Portal. A hosted rules and case managementsystem that interaces with over 150 validation tests and services
including: multi-merchant transaction history checks, worldwide
delivery address and phone verication, IP geolocation, purchase
velocity, identity morphing and custom data rom your systems.
Managed Services. CyberSource provides client services to help
you analyze, design and manage your order screening and raud
detection processeseverything rom screening strategies and
risk threshold optimization analysis to ongoing monitoring, order
review and chargeback management. Our managed services
include business perormance guarantees.
Payer Authentication. Veried by Visa, MasterCard SecureCode.
Processing ManagementCyberSource processes your payments in our highly available
datacenterslocatedintheU.S.,Europe,andJapan.Alldatacenters
are certied PCI-compliant and include sophisticated processing
management logic to help prevent payment ailures and rate
downgrades.
Collection & ReconciliationA ull array o online and exportable payment reporting capability
is available to streamline reconciliation activity. Further, systems
can be installed to automate up to 90% o the tasks associated
with payment reconciliation and chargeback re-presentment.
3 Managed Services
2 Design & Installation
1 Systems & Services
PAYMENT SECURITY
Order
Screening
Collection&
Reconciliation
Global Payment
Acceptance
Processing
Management
L A S E R
B a nk
Tr a ns f e r
Direct
Debit
ORDER
t0OMJOF
t$BMM$FOUFS
t*73
t,JPTL
t104
t&31
8JUI1FSGPSNBODF
(VBSBOUFFT
Payment SecurityRemove Payment Data From Your Network. CyberSource provides secure
storage and hosted payment acceptance services that let you
process without storing or even transmitting payment data. A great
way to streamline PCI compliance and mitigate security risk.
Payment System Centralization. Our team o experts will help you
consolidate multiple payment systems into a single, easy to
manage system. Optionally, CyberSource will also host, support
and manage these systems in our secure datacenters.
PCI Planning & Remediation. CyberSource provides PCI compliance
consulting and remediation services, as well a complimentary PC
vulnerability scanning services to help you maintain compliance.
Proessional ServicesCyberSource maintains a team o experienced payment
consultants to assist with payment systems planning, system and
process design, and implementation and integration. Our client
services team is additionally available to help you monitor, tuneor ully outsource portions o your payment operations.
7/30/2019 Insider Guide to e Payment Management
22/22
About CyberSource
CyberSource Corporation is a leading provider o electronic
payment, risk and security management solutions. CyberSource
provides payment management solutions or electronic
payments processed via Web, call center, kiosk, mobile and POS
environments. Services include hosted systems to help you
manage electronic payments, as well as proessional services
to help design, integrate and ully manage parts or all o your
payment operations. Over 200,000 businesses worldwide use
CyberSource solutions, including hal the companies comprising
the Dow Jones Industrial Average and leading Internet brands.
The company is headquartered in Mountain View, Caliornia, andhas sales and service ofces in Japan, the United Kingdom, and
other locations in the United States.
North America
CyberSource Corporation
1295 Charleston Road
Mountain View, CA 94043
T: 888.330.2300
T: 650.965.6000
F: 650.625.9145
Email:[email protected]
Europe
CyberSource Ltd.
The Waterront
300 Thames Valley Park Drive
Thames Valley Park
ReadingRG61PT
United Kingdom
T: +44 (0) 118.929.4840
F: +44 (0) 870.460.1931
Japan
CyberSource KK
3-11-11 Shibuya, Shibuya-ku
Tokyo, 150-0002 Japan
T: +81.3.5774.7733
F: +81.3.5774.7732
Email:[email protected]
For More Information
Call: 1.888.330.2300
Email: [email protected]
Visit: www.cybersource.com