Cybersource, which provides payment processing, fraud management and payment security solutions to approximately 295,000 merchants, processes about 25% of ecommerce transactions in the U.S. Its merchants include British Airways, H&R Block, Nike, Facebook, Google and Home Depot.  Cybersource processed $120B through Visa in 2009 and 90% of its revenue is in recurring business.  Is Visa crossing the line into merchant processing, where they would reap revenues from transaction processing services as well as from the assessments it charges to merchants?  Not according to Visa.

“PayPal has 78 million accounts in 190 markets around the world.”

During a conference call held on April 21, Visa discussed how their strategic focus will be on “growth in the ecommerce sector by increasing the usage of Visa core products, using Visa’s client relations to drive global expansion, building on CyberSource’s merchant relationships to grow Visa ecommerce solutions and delivering best-in-class fraud management and data hosting solutions”.  According to Visa Chairman and Chief Executive Joseph Saunders, Cybersource wants to expand into the international market, primarily Latin America and Asia, through Visa’s global presence.  Last year, only about 8% of Cybersource’s revenue came from outside the U.S.

Visa is trying to find ways to compete with other ecommerce companies, such as PayPal, who has 78 million accounts in 190 markets around the world.  Although Visa has a strong global presence, the company wants to expand into global ecommerce markets where mobile payments are becoming more mainstream, primarily due to the lack of infrastructure for processing card payments.  Cybersource will help them get there with its strong foothold in mobile payment systems.

Ecommerce is a hot area for many companies trying to expand globally.  MasterCard’s next CEO, Ajay Banga, identified emerging markets and ecommerce as priorities for the company and it has created a new global research and development unit for that purpose.  MasterCard also recently revealed that it is opening up an online mall (“MasterCard Set to Open an Online Shopping Mall“) and Walmart is increasing its global ecommerce efforts (“Wal-Mart Ramps Up Online Efforts Globally“).

Visa is also planning to roll out their new Right Click by Visa product – which will enable consumers to comparison shop online, solicit feedback from friends, and checkout faster – sometime this summer.  Moving towards the year 2015, Visa’s strategic goals include “global diversification, entering new businesses, growing VisaNet transactions, and becoming a global top 75 company through market growth”.  Currently, 59% of Visa’s revenue comes from U.S. consumers.

For those concerned about Visa crossing the line into the acquiring world, sit tight.  On the April 21 call, they cleared the air by stating that Cybersource will move out of the processing business, referring merchants to financial institutions that partner with Visa.

A copy of the presentation used on the April 21 conference call can be found here.

Operating Guideline Changes

Visa and MasterCard both instituted changes in their operating guidelines in response to consumer disputes about card not present transactions and direct response products and services.  MasterCard’s actions followed policy changes from Visa regarding descriptor formats and disclosure of corporate entities related to direct response offers.  While the changes concern online marketers and merchants, they also affect direct mail and telephone marketing businesses.

“Remember the Columbia Record Club?  They are a prime example of negative option marketing, which shows that it has been around a long time.“

MasterCard communicated their “Direct Marketing Best Practices” guidelines to their acquirers and direct response marketers to further enforce compliance.  The guidelines focus on terms disclosure,  trial offers, marketing, endorsements and testimonials, affiliate marketing (CPA) networks, billing timeframes, refund policies, back end offers (up-sells, cross-sells), descriptors, order fulfillment, and customer service.

Of course these changes are meant to protect the consumer.  However, any business affected by these changes should think positive.  Consumer complaints can turn into negative publicity (and subsequently, reduced revenue) for any company.  Let’s not forget increased chargeback ratios, which no merchant desires.

A Little History

The Federal Trade Commission (FTC) was created in 1914 to prohibit unfair competition and practices in commerce.  The agency enforces laws targeting specific marketing practices and product promotions, such as environmental claims, free products, mail and telephone orders, and negative option offers.  Section 5 of the FTC Act prohibits unfair and deceptive practices – more specifically, advertising and marketing, in any medium, to consumers.  Section 5 describes a product or service as deceptive if it misleads the consumer or affects consumer behavior.  Additionally, product claims (i.e. “xyz product” prevents illness) must be substantiated, especially if they concern health, safety or performance.  The key marketing principles listed in the Negative Option staff report are meant to guide the industry in compliance with Section 5 of the Act.

“The FTC Act prohibits unfair or deceptive advertising in any medium”

The FTC also implemented changes to its Guides Concerning the Use of Endorsements and Testimonials in Advertising in December, clarifying that “advertisers are subject to liability for false or unsubstantiated statements made through endorsements, and that endorsers also may be liable for statements made in the course of their endorsements.”

California Is Taking Action As Well

On a similar wavelength, a new bill, SB 340, regarding automatic renewal and continuous service offers was signed into law in October in California.  SB 340 came to light following a 2006 lawsuit against Time, Inc., for automatic renewal offers and solicitations.  Twenty three states received complaints from consumers, which resulted in an extensive investigation.  Time was billing or automatically charging consumers’ credit cards for magazine subscriptions without consent.  The company had changed their renewal policy and instead of subscribers actively renewing, they instead required subscribers to actively cancel their subscriptions.  Else, the renewal was automatic. The renewal policy always appeared in fine print and was not clearly stated.

SB 340 requires businesses to state “clearly and conspicuously” the renewal terms and obtain the subscriber’s approval at the time of purchase.  Clear and conspicuous is defined as “in larger type than the surrounding text or in contrasting type, font or color.”  In the case of telephone marketers, the audio disclosure must be “audible and understandable.”  It also requires the inclusion of a cancellation policy with the renewal offer and an easy way for the subscriber to cancel.  The bill goes into effect on December 1, 2010.

Per the FTC Act, sellers are responsible for product and service claims.  Third parties, such as advertising agencies, web site designers and catalog marketers, can also be found liable for product deceptions and unfair competition practices.  Those found to be non-compliant could face enforcement by the FTC as well as civil lawsuits.  Punishment includes cease and desist orders, fines up to $16,000 (per violation), federal injunctions, and consumer refunds.

Additional Resources:

• Direct Marketing Best Practices
• FTC Negative Option staff report
• FTC staff paper, Dot Com Disclosures, about online advertising
• FTC Guides Concerning the Use of Endorsements and Testimonials

A Little History

The PCI Security Standards Council (PCI SSC) was formed in December, 2004 by the major card brands (Visa, MasterCard, American Express, Discover and JCB) to educate and enhance the security standards in the credit card industry.  Prior to 2004, each card company had developed their own set of data security standards programs:

• Visa – CISP (Cardholder Information Security Program)
• MasterCard – SDP (Site Data Protection)
• American Express – DSS (Data Security)
• Discover – DISC – (Data Security Guidelines)

Some of the requirements were redundant and merchants were confused as to which one to follow. Even if a merchant only accepted Visa and MasterCard (bundled together in merchant processing agreements), there were some differences in each of their security programs. The agreement within the council was that if a merchant is CISP compliant, all the other card companies would consider the merchant to be compliant. After all, Visa has been the principal initiator for compliance over the years, with the other companies following suit with their own flavor. Additionally, the council agreed upon a uniform set of standards (PCI DSS) to simplify compliance for merchants.

The Standard Today

The PCI DSS (Payment Card Industry Data Security Standard) is the generalized term for PCI compliance today and governs all payment channels – retail (swiped), mail order, telephone order and e-commerce. It is divided into 12 security requirements, originally developed by Visa in 1999 (known then as the “digital dozen”).

The Standards Security Council does not validate PCI compliance or impose fines for non-compliance. What they do is own and enforce a uniform set of data security standards as well as provide training and certification for Qualified Security Assessors (QSAs) and Approved Scan Vendors (ASVs). The QSAs and ASVs exist to validate compliance and to interpret the PCI DSS for merchants and acquiring banks. On the flip side, each card brand has outlined specific fines for non-compliance and merchants are fined accordingly. For example, Visa imposes a $5,000 fine for a mid-sized retailer who is not in compliance with the PCI DSS. The good news is that in January of 2008, according to Visa, more than three-quarters of large U.S. merchants, and nearly two-thirds of medium-sized retailers, are in compliance with the Payment Card Industry Data Security Standard (PCI DSS). To further promote PCI DSS, Visa has also imposed financial incentives for compliance.

Although important for merchants to follow the current compliance standards, it is more important for merchants, software developers, payment processors and acquirers to be proactive in data security. Hackers will always be out there trying to break in, even if just to say they can do it. The PCI SSC is doing a good job, but I give kudos to anyone staying one step ahead of the game. Be a leader, not a follower.

Overseas, many organizations have formed campaigns against Visa and MasterCard. In Canada, ad campaigns are being run by The Retail Council of Canada telling Visa and MasterCard to “stop sticking it to retailers.” The Retail Council of Canada is a non-profit association that represents more than 40,000 stores of all retail formats.

In Europe, ongoing Interchange battles have reached boiling points. EuroCommerce, the retail and wholesale governing body, is accusing MasterCard of raising interchange rates 160% after the release of MasterCard’s new interchange fee structure. On December 19^th, 2007, an agreement was signed prohibiting MasterCard’s multilateral interchange fees (MIF). These fees apply to almost all cross-border card payments in the European Economic Area (EEA). This card type was prohibited because it is said to inflate the base on which acquiring banks charge. Since 85% of businesses accept these card types in Europe, it is said to potentially harm businesses and their customers. Naturally, MasterCard will raise other card type fees in order to compensate for money lost on fees from MIF.

Australia has already won their battle against interchange. Fees in Australia are capped, and in some cases they pay half a percent. Of course lower interchange rates, in my opinion, have been the result of fear. Card associations are afraid that regulations will be imposed if they do not lower their fees.

It’s only a matter of time before Visa and MasterCard will have similar regulations imposed upon them. But, are these fees price gauging or just a fair network of profit? It seems to me that we are all happy with our sky miles and rewards point, but are oblivious to where money for these rewards comes from. The people that are coming up with these regulations could be forgetting we are in a capitalistic society. Would we haggle over the price of our dinner at a high end restaurant saying the restaurant charged too much, after we already read the price on the menu? Merchants are aware of the rates they are going to pay before they sign their agreements. Perhaps we need to do a better job of educating merchants about Interchange fees and what they are used for.

Both companies have a lot going for them.  They are (even in today’s economy) considered to be excellent stocks with prospects of a bright future. They have an excellent product in a world moving to cashless options. Visa has gotten a great deal of attention because of its IPO earlier this year. It is my opinion that both companies have exploded from their respective IPOs, but MasterCard still remains the more stable bet.

Here are some things to consider:

Keep in mind that Visa and MasterCard are technology companies.  They are not responsible for any credit card losses due to unpaid bills. Both MasterCard and Visa just facilitate the transactions. The banks, such as JPMorgan Chase and Bank of America, are responsible for the debt. Even though Visa is twice the size of MasterCard, don’t let that be the deciding factor on which of these two giants is better overall.

Here is something most may not know about Visa. Visa left its most lucrative market out of the shares you and I bought when they went public – I am referring to their European market. Europe is now under one currency and growth is anticipated since intercountry commerce has been made easier. Visa Europe is still owned by European banks, and operates as a licensee of Visa you can purchase stock in. With MasterCard, you purchase European operations when you purchase stock.

So why do I lean toward MasterCard as the wiser and more sound investment? MasterCard enables you to get a piece of the very lucrative European action. Also, many analysts say that say that MasterCard’s growth will soon move far ahead of Visa.

Although many large retail chains such as Regal Cinemas and McDonalds have the technology available, the process has been put under a great deal of scrutiny because it is said to be more susceptible to identity theft and other types of fraudulent activity. The devices are easily hacked using a wireless frequency. Regardless of the security risks, all the major credit card companies were ready to get their piece of the action. In July of 2005, AMEX launched ExpressPay, which was quickly ditched because of a lack of response by consumers. The Discover Network released its Zip technology, Visa Inc released payWave, and MasterCard has PayPass.

MasterCard Mobile recently released its Secure Set-up for MasterCard PayPass on mobile phones. They call this the Over-the-Air Provisioning Service, and it is the first program to enable issuers to perform over-the-air personalization of their cardholders’ mobile devices. Mobile MasterCard PayPass enables mobile devices to perform payment transactions at merchant locations with PayPass enabled point-of-sales terminals. In order for account holders to use their mobile phones to make purchases, their mobile phone must be equipped with Near Field Communications (NFC) and a mobile data subscription. First, the PayPass application is downloaded onto the consumer’s mobile phone. The application is available through their issuing banks website. Then, the PayPass application is personalized with the consumer’s individual account details.

With the wide range of savvy hackers out there, it may still be hard for consumers to feel safe about the contactless payment technology – whether it be on a mobile phone or on a credit card. As for merchants, my advice is hold of off on buying your contactless equipment just yet.

Previously, I have talked about Google’s Android platform working with Visa on a service that sends you an alert if any payments have been made on your Visa card. This is great in helping to protect against fraud, and will also help in locating ATMs, but I don’t consider this to be a new technology.

In 2007, Visa partnered with Qualcomm, a wireless chip developer, to create technologies that allow consumers to make credit card transactions with a cell phone and a reading device. This would add another way for wireless carriers to make additional revenue by being paid a percentage of the transaction.

Now in 2008, in Brazil, Visa announced the availability of remote payments by Banco do Brasil. The service allows Visa cardholders to pay with their mobile device and confirm the transaction via text message. In Korea, T-Money provider Korea Smart Card Company, card issuer Shinhan bank, and Korea Telecom Freetel have partnered to make it possible for commuters to add funds to their T-Money balance automatically on their cell phones. T-Money is a rechargeable card used to pay for the Korean transit system.

Here in the United States, Visa is in a pilot program with Chase Bank to provide personalized offers sent to cell phones via SMS text giving discounts and special deals from online merchants. I wonder if standard text rates apply to this. I am not a big fan of this program but I can see how it can enhance advertising for businesses.

Visa is also working on providing NFC (Near Field Communication) with several large banks across the United States. NFC is a short range high frequency wireless communication technology that enables the exchange of data between devices. This technology is most frequently used for mobile phones.  This technology is also in its pilot stages in France with “Payez Mobile” and in Spain using “payWave”.

Is this mobile technology going to cause an increase of stolen cell phones and future security issues? Is cell phone payment technology going to be the way of the future?

Visa and MasterCard are under the gun in Congress as well, for price-fixing and price gauging practices. The Credit Card Fair Fee Act (HR 5546/S 3086) stops the price fixing by Visa and MasterCard by insisting upon the use of a transparent market-based process. Some may say these are anti competitive practices, while others speculate that regulation is necessary.

Competition is what makes our economy thrive. Are Visa and MasterCard really getting too big for their britches, or are they trying to keep things secure and regulated? Visa responds that “HR 5546 remains and anti-consumer bill that would mandate unnecessary regulatory intervention into a fiercely competitive industry that is benefiting consumers, merchants, and financial institutions.”

While merchants out there are probably cheering on the intervention of Congress, this may not be a great thing. The card processing industry is complex and involves more than just the rate a merchant is paying. The Credit Card Fair Fee Act allows merchants to negotiate Interchange rates, which could cause merchants to lose out on the service, customer support, equipment upgrades, and personal attention that their card processing company provides. Visa and MasterCard are not going to provide any extra services if negotiations occur; in fact lower Interchange rates will probably cause the opposite effect.

Several new categories will take effect October 3^rd, 2008. Debt Repayment, Government to Government, and Tax Payment are some of Visa’s new categories.

• Debt Repayment -This category allows agencies that take payment for auto loans, student loans and mortgages to pay a lower rate. This Interchange category does not apply to past due debt such as items in collections.
• Pay at the Pump – This fee is a reduction. Consumer credit cards used at gas pumps have been lowered by as much as .50 basis points. Prepaid gas cards will also now be to “Partial Authorization.” Some examples of these types of cards are Shell Cards and Wright Express cards.
• Tax Payments – This program is a requirement for all merchants. There will be no cost for the program until April 1, 2009, but a convenience fee may be assessed. This fee may vary for consumer credit cards and commercial credit cards. For consumer debit transactions, a flat fee may be assessed and cannot exceed $3.95.
• Government to Government – This category has gone up by .25 basis points for transactions over $8,750. The $5,000 minimum has been removed and Level 2 and Level 3 data is not required.

MasterCard has not announced any major additions yet, but reports say that there will be increases in PIN based debit rate for the Maestro debit network. Grocery and Warehouse merchants will be billed at $0.28 per transaction. Other retail transactions will still be billed at .75% and a 0.175 per item fee. MasterCard is also eliminating QSR and Retail maximum PIN debit rate categories.

I will have more updates on rate increases and decreases in future posts.

I am continually shocked by the number of Visa and MasterCard violations made by merchants I shop with a daily basis.

Here are a few mistakes I’ve personally witnessed merchants make:

1.       Many cards say “Check ID” on the back instead of a signature, because many consumers feel that not signing the back of their card will make it harder for their signature to be forged. Merchants typically ignore the fact that the card says “Not Valid Unless Signed.”

2.       There are no direct rules that keep a merchant from asking for a cardholder’s ID. A merchant cannot refuse to complete a purchase because a customer does not have valid ID. In most contracts that I have read between a merchant and their acquirer, merchants are required to follow specific Visa and MasterCard procedures. The ones I have reviewed clearly state in the terms and conditions of the agreement that a merchant is prohibited from refusing a sale due to a customer not having a valid ID.

3.       I eat lunch at many places that say I have to purchase a minimum amount in order to use my credit card.  It is actually in violation of the credit card companies’ terms and condition to refuse a transaction because it is below the “minimum”. Both MasterCard and Visa clearly state that a maximum or minimum transaction amount cannot be a requirement when accepting cards.

4.       You may have noticed gas stations charging a surcharge on credit card transactions. I often get calls from merchants asking to add a surcharge to offset the cost of taking credit cards. According to Visa’s card acceptance guide you many not charge a consumer a fee because they used a credit card. You can however offer them a discount for paying with cash or a gift card. There can also be convenience fees that can be charged to consumers who choose to place a telephone order or an internet order. This fee can’t be a percentage of the sale – it must be a flat amount, and it must be disclosed to the customer before it is assessed.

5.       Factoring is strictly prohibited by the card associations. You must process cards only for the type of business your merchant account is under. For example, I had an auto body shop that one day decided to fix abandoned cars. The merchant started to sell the cars in a lot they purchased next door. In this case the merchant should have opened a second merchant account. Their funds were held and their account was almost shut off.

Merchants found in violation of Visa and MasterCard rules can be reported by completing a violation form with either the bank that issued the customer their card, or on Visa or MasterCard’s website. Merchants can be fined or shut down. Make sure you do research before you decide to create and post a store policy, so you can avoid getting reported for violating card association rules.