February 11, 2008 • Issue 08:02:01

Gift card muscle flex

By Max Sinovoi

ift cards have long been my favorite value added solution. When you mention stored value, gift cards jump to the minds of most merchants. Gift cards store value very well and usually permanently. Name any other product that is purchased and then often goes unused. Go on, I dare you.

The Tower Group Inc. estimated Americans spent $97 billion in gift cards in 2007. Most likely, you received at least one card between your last birthday and the holiday season. And the holidays slightly edged out birthdays for the number one reason for gift card purchases. Mother’s Day, Father’s Day and graduations are also some of the biggest gift card selling days of the year.

Imagine what the initial group of merchants must have thought when they first heard of the gift card idea. MLSs gave them the bare facts: The cards are paid for upfront; 20% of consumers never use cards given to them; 50% use their cards only a few times within a year of purchase.

With such extremely favorable statistics, how many of your merchant customers would turn down offering gift cards? Not many, I believe. Gift cards can be one of the best things to ever happen to a merchant’s cash flow. This is why I truly feel that gift cards are an underrated service. They can increase merchants’ sales, while merchants may never have to exchange the value on the cards for merchandise.

Feeling the bulge

Gift cards can generate sizable profits for merchants. Most research shows that two-thirds of all holiday shoppers planned to give someone else a gift card this past holiday season. According to Comdata Corp.’s adult card study, the average amount for a gift card purchase is $45.

The Tower Group’s research placed breakage, the industry’s term for card value that was purchased and never redeemed, at $7.8 billion for 2007. Best Buy Co. Inc. had the highest amount of breakage at $16 million. A recent article in The New York Times stated $3.5 billion in gift cards went unclaimed during the 2007 holiday season alone.

There is also what retailers call up-spending: Most customers who use their gift cards often spend some of their own money to purchase merchandise that is more expensive than the value of their cards. Of those who receive cards, a whopping 51% spend more than the cards’ initial values.

One of my favorite gift card facts is that merchants retain any unused balance, depending on state laws. For example, Vermont consumers can only cash out cards if the value is less than $1. (For more information, see “California chomps on gift card leftovers,” Jan. 14, 2008, issue 08:01:01)

With the older relative of the gift card, the paper certificate, cash was given back if the purchase was under the value of the certificate. There are quite a few states that require the merchant to give back cash if the value on the card is under $5.

Gift cards are also far safer than gift certificates because they are harder to counterfeit. And if a box of gift cards gets lost or stolen, the merchant need not worry: Cards can only be activated at the POS terminal.

According to KeyCorp., switching from paper certificates to plastic can result in two to four times the average revenue growth because plastic cards are more visible and widely publicized. Additionally, carrying around a gift card that has a brand name on it gives merchants another opportunity to advertise.

Holding strong

Gift cards can do an amazing job of enhancing merchant retention. We all know the more value added services your merchant has, the lower your attrition.

Evidence has shown that merchants with gift card programs switch processors with 50% less frequency. And with recent law changes concerning gift cards, many merchants find it difficult to leave their current merchant service provider because gift cards with existing balances must be honored.

The real opportunity to offer gift cards is with your installed base of merchants. It’s fairly cheap and easy to sell to merchants with whom you are already doing business; you can make a case that the value added service will increase their sales.

If they are satisfied with the products you’ve given to them thus far, chances are they’ll take your suggestion and add gift cards to their sales floor. Some companies now offer basic cards in addition to customizable cards – designed with logos, pictures, lights, music and so forth.

Basic cards appeal to mom-and-pop merchants looking for the lowest cost to offer gift cards. These programs are great for merchants who aren’t interested in purchasing a gift card package until completing a trial run.

Some MLSs offer the first bulk of basic cards for free to all merchants as bait. This helps get merchants hooked on the cards’ revenue and benefits. Then MLSs steer them toward investing in gift card packages. This is when they mention that gift cards also capitalize on impulse purchases. Merchants who set up grab items at the POS are more likely to sell a gift card and a small item – maybe a stuffed animal, lip gloss or candy.

Online reporting and many new custom, interactive designs, such as cards that double as kaleidoscopes, have been added recently to give merchants more power and flexibility when choosing what gift cards to sell to their consumers.

If you don’t sell gift cards to your merchants, others will. If that happens, your merchants will likely leave you and take their businesses to competitors with more enticing offers. Why take that chance?

Gift cards pack a punch in the payments industry, especially in the profit margin.

—
Bill Hoidas
District Sales Manager
Larger B2B/MOTO/Internet Accounts
Product Development Manager
Matrix Payment Systems
(847) 381-3482 office
(847) 381-4289 fax
http://paymentconsulting.net
John 3:16 For God so loved the world, that he gave his only begotten
Son, that whosoever believeth in him should not perish, but have
everlasting life.

Hi,

Lately I have been doing advance funding using credit card future sales. I have now found three sources that I feel comfortable with and feel are the best. Each one has it’s own specialty that I can match my clients up with. While you often can qualify for more money as a rule of thumb figure that you can receive an advance equal to your average one month volume of MC/Visa sales. In other words if you do about $25,000 monthly MC/Visa you can receive in a few days funding of $25,000.00.

I want all of my merchants to use utmost caution when borrowing money. Make sure you have exhausted your conventional sources first because the rates are higher for cc advance funding. The rates will vary according to your credit. However it can make sense for the right situation. I just had a merchant use the funding to buy almost new equipment for a fraction of what it is worth. He will be able to turn a nice profit on his purchase. In this situation it makes sense.

For more info go to http://paymentconsulting.net/adv_funding.html

—
Bill Hoidas
District Sales Manager
Larger B2B/MOTO/Internet Accounts
Product Development Manager
Matrix Payment Systems
(847) 381-3482 office
(847) 381-4289 fax
http://paymentconsulting.net
John 3:16 For God so loved the world, that he gave his only begotten
Son, that whosoever believeth in him should not perish, but have
everlasting life.

AddMe – Search Engine Optimization

Hi,

Amex has never charged a monthly fee before for it’s regular accounts. It’s been officially 7 months now but they didn’t actually start until 3 months ago. This charge came to the best of my knowledge unannounced.

They are now charging $4.50 per month per merchant account.

To get it removed you should call 800-528-5200 /key in your merchant account # and than keep pressing “0” to wade through the multiple voice prompts.

Tell the rep that you weren’t aware of this new charge and do not need paper statements. They will enroll you for their website and to also receive your statement by email. Make sure you find out how many months you have been charged and have them rebate the charges.

You can also enroll on their website below but you won’t than get to ask to have the $4.50 monthly fees you’ve already been charged rebated.
https://home.americanexpress.com/homepage/merchant_cm.shtml

Bill

—
Bill Hoidas
District Sales Manager
Larger B2B/MOTO/Internet Accounts
Product Development Manager
Matrix Payment Systems
(847) 381-3482 office
(847) 381-4289 fax
http://paymentconsulting.net
John 3:16 For God so loved the world, that he gave his only begotten
Son, that whosoever believeth in him should not perish, but have
everlasting life.

Hi,

This is the best single thing I’ve ever seen that shows what happens when a cardholder (justifiably or not) calls their bank to do a chargeback. Contrary to popular opinion your processor doesn’t give up without a fight and does (or should) check for validity and to see if you’ve already issued a credit.

However if they can’t automatically reject it the ball’s in your court and you must fill out an answer and include all possible documentation. It’s just a sad fact of life that a cardholder can often get their bank to roll over and issue an unfair chargeback.

If your response does not succeed and the sum is large enough I do work with a consulting firm that specializes in chargebacks and can also recommend attorneys that specialize in cc law. As you can see the card holder and card issuing bank can be pushed to arbitration and whoever loses can be liable for all arbitration fees.

—
Bill Hoidas
District Sales Manager
Larger B2B/MOTO/Internet Accounts
Product Development Manager
Matrix Payment Systems
(847) 381-3482 office
(847) 381-4289 fax
http://paymentconsulting.net
John 3:16 For God so loved the world, that he gave his only begotten
Son, that whosoever believeth in him should not perish, but have
everlasting life.

CB_RetrvlProcessFlowChart.pdf 38K View as HTML Download

Hi,

I have been fortunate to establish a relationship with the finest company involved in the international markets.Global Collect http://www.globalcollectusa.com/

They take all of the hassle out of setting up foreign processing and all at very reasonable rates.

Global Collect is the only global payment processing provider that provides both credit card and alternative payment processing in over 50 local currencies, and 120 countries worldwide. Their Web Collect Platform is the broadest global payment network available through a single technical and financial interface.

Let me know your level of interest

Hi,

Below please find a PCI security theft update. Please note PABP for programmers & mandates for January (that would be now!), July and October.

Visa, PCI council make security move

By Michael Petitti
TrustWave

Editor’s Note: A version of this article originally appeared in the December 2007 issue of Trusted News, a TrustWave publication.

B e prepared. Two major announcements made in recent months will send merchants scrambling to their payment application vendors and merchant level salesperson (MLS) for guidance and clarity.

Visa Inc. and the Visa’s Payment Application Best Practices (PABP), it’s likely that a great number of these compromises would not have occurred.

Visa created PABP to prevent payment card compromises by guiding software vendors in developing payment applications that support a merchant’s compliance with the PCI Data Security Standard (DSS). The PCI SSC and Visa detail plans to unify a payment application security standard and begin enforcing the use of adherent applications.

Total takeover

The PCI SSC took over management of PABP in November, and renamed it the Payment Application Data Security Standard (PA DSS). New standards are expected to be released by the first quarter 2008. (For more information, see “Farewell PABP, hello PA DSS,” The Green Sheet, Nov. 26, 2007, issue 07:11:02 )

While the PA DSS is based on the PABP and remain similar, feedback received from various stakeholders may alter the PA DSS slightly. While these differences will impact software developers, merchants will not likely be affected.

Merchants will not need to look into the detailed requirements of the PA DSS or comply with it per se – applications developed for internal use only must still comply with the PCI DSS. Merchants only need to ensure that the payment applications they use are certified as PA DSS compliant. (For a list of validated, PABP-adherent payment applications, visit http://usa.visa.com/download/merchants/validated_payment_applications.pdf )

Once the transition is complete, the PCI SSC will maintain the list of validated applications. MLSs should ensure that the payment applications they offer are on this list. If not, MLSs should consider removing the offering from their portfolio of products.

As with the PCI DSS, the council will maintain its position as governing body of the PA DSS. Enforcement will continue to fall under the authority of the individual card brands.

While the transfer of the PABP standard to the PCI council will increase awareness of payment card security and increase adoption of secure payment applications, Visa’s recent announcement will probably have a more immediate effect on your merchant customers.

Calendar of events

In October, Visa set forth a plan to mandate merchants’ use of PABP-adherent (now PA DSS-adherent) applications. The plan entails a number of deadlines set by Visa to eradicate the use of vulnerable payment applications and payment applications that do not adhere to the PA DSS.

While the deadlines for the program are set for acquirers, VisaNet processors and agents because these organizations stand above merchants in the payment card acceptance process, the deadlines also apply to merchants.

Following are the specific mandates and deadlines Visa established:

* Jan. 1, 2008 – Merchants cannot use payment applications identified by Visa as vulnerable. For a list of these vulnerable payment applications, contact your acquirer.
* July 1, 2008 – VisaNet processors and agents cannot grant access to their network to new payment applications that are not PA DSS certified.
* Oct. 1, 2008 – Newly boarded level 3 or 4 merchants must prove their PCI compliance or use PA DSS-adherent payment applications.
* Oct. 1, 2009 – Payment applications identified by Visa as vulnerable will be decommissioned from the Visa network.
* July 1, 2010 – Merchants must use PA DSS-adherent applications to accept Visa transactions.

Field of queries

It’s likely that a number of current customers or potential customers will have questions about the new requirements.

Here are talking points to remember during these discussions:

* The PA DSS does not supplant the PCI DSS.
* The PA DSS supplements the PCI DSS.
* The card brands will continue to require that merchants continue to comply with the PCI DSS.
* Visa is the only card brand thus far that will require the use of PA DSS-compliant payment applications, but other card brands are likely to follow.

—
Bill Hoidas
District Sales Manager
Larger B2B/MOTO/Internet Accounts
Product Development Manager
Matrix Payment Systems
(847) 381-3482 office
(847) 381-4289 fax
http://paymentconsulting.net
John 3:16 For God so loved the world, that he gave his only begotten
Son, that whosoever believeth in him should not perish, but have
everlasting life.

Most merchants already know that FACTA says credit and debit card receipts may not include more than the last five digits of the card number. But now they have mandated thatt the card’s expiration date may not be printed on the cardholder’s receipt.However, the effective date of this provision is a long way off, and there are a couple of loopholes:

	This section does not apply to receipts for which the sole means of recording a credit or debt card number is by handwriting or by an imprint or copy of the card.
	For machines in use before January 1, 2005, the merchant has three (3) years to comply.
	For machines in use after January 1, 2005, the merchant has one (1) year to comply.

If you process through regular telephone lines you at least have to fill out a simple questionnaire every year. If you use an IP connection you need to follow the below requirements. The questionnaire is at https://www.pcisecuritystandards.org/tech/supporting_documents.htm

There is a lot of confusion about the ever changing PCI security compliance requirements. Much of it is posturing by the credit card associations to a public concerned about identity theft. The truth is the card associations are putting the onus on merchants. They are doing that with the below requirements which if you don’t do and you are singled out MC/Visa will fine you through your processing bank to make sure they have someone who will roll over and pay the fine. The bank who has a hammer over your head because you are processing through them will than turn around and collect the entire fine through you. If you try and change processors to avoid paying the entire fine they will put you on the MATCH list and you won’t be allowed to open a merchant processing account anywhere in the USA. Suffice it to say that you don’t want to be the next merchant in the news for having your customers credit card info compromised. Read the below. Many of you will fall into the Level 4 category so the requirements aren’t too bad. This is directly from Visa’s website to assure accurate information.

(direct link)
http://usa.visa.com/merchants/risk_management/cisp_merchants.html

Merchants

Compliance validation details for merchants

Acquirers are responsible for ensuring that all of their merchants comply with the PCI Data Security Standard (DSS) requirements; however, merchant compliance validation has been prioritized based on the volume of transactions, the potential risk, and exposure introduced into the payment system.

PCI Compliance Acceleration Program Visa developed the PCI Compliance Acceleration Program to provide financial incentives and establish enforcement provisions for acquirers to ensure their merchants validate PCI DSS compliance. In accordance with the PCI Compliance Acceleration Program, acquirers must additionally ensure that all Level 1 and 2 merchants validate that prohibited data is not retained by submitting a completed Prohibited Data Retention Attestation form OR Confirmation of Report Accuracy form to their acquirer. The Merchant PCI DSS Compliance Update highlights compliance progress for level 1, 2 and 3 merchants.

On this page

• Merchant levels defined
• Compliance validation basics
• Validation procedures and documentation
• For more information

Merchant levels defined

All merchants will fall into one of the four merchant levels based on Visa transaction volume over a 12-month period. Transaction volume is based on the aggregate number of Visa transactions (inclusive of credit, debit and prepaid) from a merchant Doing Business As (“DBA”). In cases where a merchant corporation has more than one DBA, members must consider the aggregate volume of transactions stored, processed or transmitted by the corporate entity to determine the validation level. If data is not aggregated, such that the corporate entity does not store, process or transmit cardholder data on behalf of multiple DBAs, members will continue to consider the DBA’s individual transaction volume to determine the validation level. Merchant levels are defined as:

Merchant Level*	Description
1	Any merchant-regardless of acceptance channel-processing over 6,000,000 Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
2	Any merchant-regardless of acceptance channel-processing 1,000,000 to 6,000,000 Visa transactions per year.
3	Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year.
4	Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants-regardless of acceptance channel-processing up to 1,000,000 Visa transactions per year.

* New merchant level definitions effective of July 18, 2006.

** Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level.

Back to top

Compliance validation basics

In addition to adhering to the PCI Data Security Standard, compliance validation is required for Level 1, Level 2, and Level 3 merchants, and may be required for Level 4 merchants.

Level	Validation Action	Validated By	Due Date
1	Annual On-site PCI Data Security Assessment and Quarterly Network Scan	Qualified Security Assessor or Internal Audit if signed by Officer of the company Approved Scanning Vendor	9/30/04 New level 1 merchants have up to one year from identification to validate.
2	Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan	Merchant Approved Scanning Vendor	New level 2 merchants: 9/30/2007
3	Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan	Merchant Approved Scanning Vendor	6/30/05
4*	Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan (if applicable)	Merchant Approved Scanning Vendor	Validation requirements and dates are determined by the merchant’s acquirer

*The PCI DDS requires that all merchants perform external network scanning to achieve compliance. Acquirers may require submission of scan reports and/or questionnaires by level 4 merchants.

Back to top

Validation procedures and documentation

Acquirers must ensure that their merchants validate at the appropriate level and obtain the required compliance validation documentation from their merchants. Acquirers must submit monthly status reports to Visa and all compliance validation documentation must be made available to Visa upon request. Acquirers and merchants should also verify the compliance reporting requirements of other payment card brands which may require proof of compliance validation.

Compliance validation takes place at the merchant’s expense, as follows:

• Level 1 Merchants
  The Annual On-Site PCI Data Security Assessment must be completed for Level 1 merchants according to the PCI Security Audit Procedures document. This document is also to be used as the template for the Report on Compliance.

  Level 1 merchants should engage a Qualified Security Assessor to complete the Report on Compliance and provide the report to their acquirer. Alternatively, acquirers may elect to accept the Report on Compliance from a level 1 merchant, provided that a letter signed by a merchant officer accompanies the report. Level 1 merchants must also submit the Confirmation of Report Accuracy form completed by their assessor to their acquirers.

  Acquirers must submit the Confirmation of Report Accuracy form and a letter accepting the merchant’s full compliance validation to Visa upon receipt and acceptance of the merchant’s validation documentation.

  Download the PCI Security Audit Procedures.

  Download the merchant Confirmation of Report Accuracy.

• Level 2/Level 3 Merchants
  The Annual PCI Self-Assessment Questionnaire must be completed by Level 2 and 3 merchants. Level 4 merchants may be required to complete the PCI Self-Assessment Questionnaire as specified by their acquirer.

  Download the PCI Self-Assessment Questionnaire.

Level 1/Level 2/Level 3 Merchants
The Quarterly Network Security Scan is an automated tool that checks systems for vulnerabilities. It conducts a non-intrusive scan to remotely review networks and Web applications based in the externally-facing Internet Protocol (IP) address provided by the merchant. Acquirers are responsible for ensuring that the quarterly network security scans required of their levels 1, 2, and 3 merchants are performed by an Approved Scanning Vendor. The Quarterly Network Security Scan is applicable to merchants with externally-facing IP addresses as specified by their acquirer. Quarterly Network Security Scans are not required of merchants that do not have externally-facing IP addresses.

Download the PCI Security Scanning Procedures.

Back to top

For more information

To learn more about the CISP, contact Visa via email at AskVisaUSA@Visa.com.

• Printable page

• Print Page
• Close Window

Top Downloads

• PCI Data Security Standard
• Qualified Security Assessor List
• List of CISP-compliant service providers PDF | 113k
• View all CISP downloads
• Get Acrobat Reader from Adobe.com

—
Bill Hoidas
District Sales Manager
Larger B2B/MOTO/Internet Accounts
Product Development Manager
Matrix Payment Systems
(847) 381-3482 office
(847) 381-4289 fax
http://paymentconsulting.net
John 3:16 For God so loved the world, that he gave his only begotten
Son, that whosoever believeth in him should not perish, but have
everlasting life.