Most merchants mistakenly believe that processing a cardholder’s three or four digit CVV2 value for a ‘card not present’ transaction (e.g. ecommerce) will help qualify for lower credit card rates. The CVV2 value is only valuable to protect against credit card fraud and has nothing to do with rate qualification. CVV2 is most often confused with Address Verification Service (AVS) which can be used to qualify for lower credit card rates.

CVV2 stands for Card Verification Value and was introduced by MasterCard in 1997 and Visa in 2001. For ‘swiped’ transactions, the value is referred to as CVV1. Each of the card brands has its own acronym:

Visa: CVV2 - Card Verification Value
MasterCard: CVC2 - Card Validation Code
American Express: CID – Unique Card Code (and 4 digits)
Discover: CID – Card Identification Number

Merchants are able to configure payment processing systems to accept or decline transaction requests based upon the match or mismatch of CVV2 information. So for example, if a merchant creates a rule to decline all transactions where the CVV2 value does not match, the authorization request could be successful with the issuing bank, but the transaction will be denied by the merchant. Even though the transaction was denied by the merchant, the consumer’s card will still be authorized.

PCI DSS Compliance prohibits merchants from storing the CVV2 code. For recurring billing, merchants can accept and validate the CVV2 value during the initial authorization but cannot store it for additional transactions. After the initial validation, there really is no value in storing it.

Other Related Blog Posts
PCI Prohibits the Storage of CVV2 Data
PCI DSS Compliance Basics
Where do Credit Card Fees Come From?

Mercator Advisory Group, an independent research firm in the payments industry, recently completed a study on alternative payments. This is a partial abstract of the report that I thought was very helpful in putting the online and alternative payment space in perspective with the payments industry as a whole:

While retail point of sale continues to be the largest area for consumer payments, online consumer spending has yet to reach its potential from the payment perspective. In 2000 less than 1 percent of sales were via the internet. Today, that spending is likely to be $116 billion in the United States, a full 5% of retail spending. But this annual growth is predicted to slow from 20 percent to 16 percent by year end and further to 13 percent by 2008. As these rates slow, online merchants must meet their customers “where they are” with the right payment mechanisms to maintain the highest possible growth and the widest possible sales funnel. Alternative payment systems are fast becoming an important way for merchants to sustain and accelerate that online sales flow.

This report and most others that analyze the affect of alternative payments show that by implementing additional payment types such as PayPal, Google Checkout, and Bill Me Later, merchants can increase sales by lowering shopping cart abandonment rates.

The study is much more extensive in the approach and analysis than what I’ve called out and these guys have a great reputation for quality work.

I read a great article today written by Steve Mott of Better By Design that was published in Digital Transactions about online security for ecommerce merchants. It provides a nice historical overview of online security and outlines the debate that is currently going on between issuing banks, credit card processors, and merchants. It also provides some needed context to my previous post Verified by Visa is not working.

Go back to 1995, when buying on the Web really got under way, to see how logic got stood on its head. That’s when the bank card associations worked closely with the key Internet infrastructure providers and an assortment of security firms to come up with a protocol that would provide substantive digital identification and verification of all parties to an online credit card transaction. The result was the much ballyhooed but quickly jettisoned Secure Electronic Transaction (SET) protocol. SET proved to be overkill-too slow and expensive for most consumers to use. So the first generation of e-commerce went on its merry way without it.

The bank card associations didn’t give up, however. Several years later, a stripped-down version of SET emerged, called 3-D Secure. 3-D means “three domains,” that is, the card- issuing bank, the acquiring processor, and the merchant all required extra digital security, but the consumer did not. All the consumer had to do was register the card and validate himself with an additional log-on each time it was used to make a purchase online.

Most didn’t bother. So the bank card industry decided to pre-register millions of their cards to nudge them along. When those consumers went online, they were forced to confirm the pre-registration process before they could use their cards. Not surprisingly, consumers abandoned those transactions in droves, and early-adopting e-commerce retailers quickly unhooked the troublesome 3-D Secure deployments. (more…)

Add this post to other sites: These icons link to social bookmarking sites where readers can share and discover new web pages.

• 
• 
• 
• 
• 
• 
• 

Capitalism is alive and well in the payment processing industry. Since 1949 when Diners Club issued the first ‘credit card’, the credit card issuing world has been highly lucrative. It’s become even more lucrative considering that in the past six years the fees that banks charge on every credit card transaction, known as Interchange, have increased an amazing 117%. That increase of profits has come directly out of the bottom line of every merchant who accepts credit cards a form of payment.

Those profits have also lured in quite a few players who want a piece of the action. Companies like PayPal, Google Checkout, Amazon, Tempo, Bill me Later, and Gratis Card are just a few who are trying to capture a small part of the pie. Others like Dream Play Ventures have been trying to squeeze themselves into the value equation by offering valued added services on top of processing like targeted advertising.

The opportunity for these companies is that Visa and MasterCard, which collectively account for something like 80% of all processing volume, represent over 20,000 financial institutions that are fat and happy making a lot of money with their current revenue model. They’ve unilaterally been able to raise their fees and dictate their terms for years now. They’ve created a lot of animosity in the process and left the door wide open for new entrants.

Each of the alternative payment providers has a different value proposition for merchants. Companies like Gratis Card and Tempo are making a play for lower cost interchange which offers merchants a reprieve in their credit card processing fees. Their focus is also primarily on ‘swiped’ merchants like restaurants and retailers.

Other providers, who are focused on ecommerce, like Bill Me Later, PayPal, Google Checkout have created value propositions that include higher conversion rates, customer convenience and accommodating buyer security fears and preferences.

There is certainly a land grab going on right now as all of these providers are working both sides of the demand and supply equation. They need consumers to demand the service from merchants and merchants need the demand to justify the option. PayPal and Google obviously see this and have been trying to buy market share to secure a top 1, 2 or 3 position.

There are many more entrants that what I’ve listed and their not all going to make it. Unlike the current boom in social networking where new entrants can be successful by carving out a vertical, payment providers including alternative payment types will have to achieve some level of critical mass to remain viable. If they don’t, they’ll end up like Peppercoin, a micro payments provider, who raised over $10MM and then got swept up for something probably substantially less than that.

PayPal is a great story. In less than 8 years they’ve been able to sign up 133 million users in over 100 markets. In 2006, they generated nearly 30% of eBay’s (PayPal is owned by them) $1.4 billion operating income.

But Amazon is about to rain on their parade.

The secret to PayPal’s lucrative business model is that they charge the equivalent of credit card fees for transactions that really amount to ACH (electronic check) transactions. The cost of an electronic check transaction is substantially less than a credit card transaction. (Click here to see where credit card fees come from.)

For example if you take payment from a PayPal user who’s pulled funds from their checking account, you’re going to pay 2.90% and .30 cents. PayPal’s cost on that is very small percent. In contrast, if someone uses a credit card to fund their PayPal account, PayPal jacks up the rate and charges the receiver 4.9% and .30 cents. PayPal has been making huge profits for years now using this model.

Amazon has squarely set their crosshairs on PayPal’s making machine of processing electronic check transactions at credit card rates. Amazon is the only player in the online payments space that could pull this off. They are leveraging 69 million registered and active Amazon users who can immediately replace their PayPal account with one from Amazon.

So with a third and probably final major entrant into the online payment processing space, PayPal, Google, and Amazon will have to hash it out between themselves. Google’s attempt at buying market share by waving fees has not been successful and their inability to access funds from a checking account has been a shortcoming. We’ll just to wait and see if this is a space they really want to play in.

Until then, most merchants are trying to gauge demand for each different payment type to determine if integrating all of these different methods makes sense.

PayPal had the sandbox all to themselves for quite sometime but they better start brainstorming about ways to replace the income they are going to lose when Amazon starts raining on their parade.